Search criteria
613 vulnerabilities found for solidfire by netapp
VAR-201611-0348
Vulnerability from variot - Updated: 2024-07-23 21:46named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. ISC BIND Is DNAME There is a problem with the response packet containing the record, db.c Or resolver.c so assertion failture ( Violation of representation ) And the result named May end abnormally. (resolver.c so assertion failure If this happens "INSIST((valoptions & 0x0002U) != 0) failed" , db.c so assertion failure If this happens "REQUIRE(targetp != ((void )0) && targetp == ((void *)0)) failed" Is displayed. ) According to the developer, 2016 Year 11 Moon 2 No attacks have been observed as of the day, but queries that cause crashes are mentioned on the public mailing list. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. https://cwe.mitre.org/data/definitions/19.htmlService disruption by a remote third party (DoS) An attack may be carried out. ISC BIND is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. ISC BIND versions 9.0.x through 9.8.x, 9.9.0 through 9.9.9-P3, 9.9.3-S1 through 9.9.9-S5, 9.10.0 through 9.10.4-P3 and 9.11.0 are vulnerable. 5 client) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: bind security update Advisory ID: RHSA-2016:2871-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2871.html Issue date: 2016-12-06 CVE Names: CVE-2016-8864 =====================================================================
- Summary:
An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
- A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. (CVE-2016-8864)
Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.7):
Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):
x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: bind-9.7.3-8.P3.el6_2.6.src.rpm
x86_64: bind-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-libs-9.7.3-8.P3.el6_2.6.i686.rpm bind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm
x86_64: bind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm
x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 6.5):
Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm
x86_64: bind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.6):
Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm
x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 6.6):
Source: bind-9.8.2-0.30.rc1.el6_6.7.src.rpm
x86_64: bind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: bind-9.8.2-0.37.rc1.el6_7.9.src.rpm
i386: bind-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm
ppc64: bind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
s390x: bind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
x86_64: bind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.2):
Source: bind-9.7.3-8.P3.el6_2.6.src.rpm
x86_64: bind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm bind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-devel-9.7.3-8.P3.el6_2.6.i686.rpm bind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm bind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: bind-9.8.2-0.17.rc1.el6_4.10.src.rpm
x86_64: bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm bind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm bind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm
x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 6.5):
Source: bind-9.8.2-0.23.rc1.el6_5.5.src.rpm
x86_64: bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm bind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm bind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.6):
x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 6.6):
x86_64: bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm bind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm bind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.7):
i386: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm
ppc64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm
s390x: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm
x86_64: bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm bind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm bind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-8864 https://access.redhat.com/security/updates/classification/#important https://kb.isc.org/article/AA-01434
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj KpG5DRbXaKAdrUMg5IeIS+s= =aWJX -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3119-1 November 01, 2016
bind9 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network traffic.
Software Description: - bind9: Internet Domain Name Server
Details:
Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.2
Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.10
Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.19
In general, a standard system update will make all the necessary changes. 7.2) - ppc64, ppc64le, s390x, x86_64
Bug Fix(es):
-
ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459648)
Release Date: 2017-01-27 Last Updated: 2017-01-27
Potential Security Impact: Remote: Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS).
- HP-UX BIND B.11.31 - BIND 9.9.4 prior to C.9.9.4.9.0
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-8864
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-9131
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-9444
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following software updates to resolve the vulnerability in the HP-UX BIND service running named.
- BIND 9.9.4 for HP-UX Release B.11.31 (PA and IA)
- Depot: HP_UX_11.31_HPUX-NameServer_C.9.9.4.9.0_HP-UX_B.11.31_IA_PA.depot
Note: The depot files can be found here: https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=BIND
MANUAL ACTIONS: Yes - Update
Download and install the software update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HPE and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically.
For more information see:
https://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb r=B6834AA The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31 IA/PA
===================
NameService.BIND-AUX
NameService.BIND-RUN
action: install C.9.9.4.9.0 or subsequent
HISTORY Version:1 (rev.1) - 28 January 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Workaround
There is no known workaround at this time.
Resolution
All BIND users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.10.4_p4"
References
[ 1 ] CVE-2016-8864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-26
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0348",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bind",
"scope": "eq",
"trust": 1.8,
"vendor": "isc",
"version": "9.11.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.9.9"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "bind",
"scope": "lt",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.4"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.0"
},
{
"model": "data ontap edge",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.0.0"
},
{
"model": "bind",
"scope": "lt",
"trust": 1.0,
"vendor": "isc",
"version": "9.9.9"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": "eq",
"trust": 0.9,
"vendor": "isc",
"version": "9.0.1"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.9,
"vendor": "isc",
"version": "9.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 0.8,
"vendor": "isc",
"version": "9.0.x from 9.8.x"
},
{
"model": "bind",
"scope": "lte",
"trust": 0.8,
"vendor": "isc",
"version": "9.10.0 from 9.10.4-p3"
},
{
"model": "bind",
"scope": "lte",
"trust": 0.8,
"vendor": "isc",
"version": "9.9.0 from 9.9.9-p3"
},
{
"model": "bind",
"scope": "lte",
"trust": 0.8,
"vendor": "isc",
"version": "9.9.3-s1 from 9.9.9-s5"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.6,
"vendor": "isc",
"version": "9.2.4"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.6,
"vendor": "isc",
"version": "9.0.0"
},
{
"model": "junos 15.1x49-d60",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 15.1x49-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 15.1x49-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 15.1x49-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 15.1x49-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 15.1x49-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d60",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d55",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d51",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d50",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d46",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d45",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d37",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d36",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.4"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.3"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.6.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.6.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "hp-ux bind b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip websafe",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.1.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "12.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.6.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "junos 15.1x49-d70",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d45",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d65",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94067"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.9.9",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.10.4",
"versionStartIncluding": "9.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:alpha1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:alpha3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:9.11.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "and others, Marco Davids (SIDN Labs),ony Finch (University of Cambridge)",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
}
],
"trust": 0.6
},
"cve": "CVE-2016-8864",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8864",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8864",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8864",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-898",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-8864",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. ISC BIND Is DNAME There is a problem with the response packet containing the record, db.c Or resolver.c so assertion failture ( Violation of representation ) And the result named May end abnormally. (resolver.c so assertion failure If this happens \"INSIST((valoptions \u0026 0x0002U) != 0) failed\" , db.c so assertion failure If this happens \"REQUIRE(targetp != ((void *)0) \u0026\u0026 *targetp == ((void *)0)) failed\" Is displayed. ) According to the developer, 2016 Year 11 Moon 2 No attacks have been observed as of the day, but queries that cause crashes are mentioned on the public mailing list. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. https://cwe.mitre.org/data/definitions/19.htmlService disruption by a remote third party (DoS) An attack may be carried out. ISC BIND is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to crash the application, resulting in a denial-of-service condition. \nISC BIND versions 9.0.x through 9.8.x, 9.9.0 through 9.9.9-P3, 9.9.3-S1 through 9.9.9-S5, 9.10.0 through 9.10.4-P3 and 9.11.0 are vulnerable. 5 client) - i386, x86_64\n\n3. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: bind security update\nAdvisory ID: RHSA-2016:2871-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-2871.html\nIssue date: 2016-12-06\nCVE Names: CVE-2016-8864 \n=====================================================================\n\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat\nEnterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise\nLinux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco\nExtended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update\nSupport. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.6) - x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* A denial of service flaw was found in the way BIND handled responses\ncontaining a DNAME answer. (CVE-2016-8864)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN\nLabs) as the original reporters. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1389652 - CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.9.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nbind-9.7.3-8.P3.el6_2.6.src.rpm\n\nx86_64:\nbind-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-chroot-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-libs-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-libs-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-utils-9.7.3-8.P3.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nbind-9.8.2-0.17.rc1.el6_4.10.src.rpm\n\nx86_64:\nbind-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-chroot-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-libs-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-utils-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-chroot-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-libs-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-utils-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.6):\n\nSource:\nbind-9.8.2-0.30.rc1.el6_6.7.src.rpm\n\nx86_64:\nbind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.6):\n\nSource:\nbind-9.8.2-0.30.rc1.el6_6.7.src.rpm\n\nx86_64:\nbind-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-chroot-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-libs-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-utils-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nbind-9.8.2-0.37.rc1.el6_7.9.src.rpm\n\ni386:\nbind-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.i686.rpm\n\nppc64:\nbind-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-chroot-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-libs-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-utils-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2):\n\nSource:\nbind-9.7.3-8.P3.el6_2.6.src.rpm\n\nx86_64:\nbind-debuginfo-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-debuginfo-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-devel-9.7.3-8.P3.el6_2.6.i686.rpm\nbind-devel-9.7.3-8.P3.el6_2.6.x86_64.rpm\nbind-sdb-9.7.3-8.P3.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\nbind-9.8.2-0.17.rc1.el6_4.10.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-debuginfo-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.10.i686.rpm\nbind-devel-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\nbind-sdb-9.8.2-0.17.rc1.el6_4.10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5):\n\nSource:\nbind-9.8.2-0.23.rc1.el6_5.5.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-debuginfo-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.i686.rpm\nbind-devel-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\nbind-sdb-9.8.2-0.23.rc1.el6_5.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6):\n\nx86_64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6):\n\nx86_64:\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-debuginfo-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.i686.rpm\nbind-devel-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\nbind-sdb-9.8.2-0.30.rc1.el6_6.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7):\n\ni386:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.ppc.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.s390.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-debuginfo-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.i686.rpm\nbind-devel-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\nbind-sdb-9.8.2-0.37.rc1.el6_7.9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-8864\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://kb.isc.org/article/AA-01434\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYRlsfXlSAg2UNWIIRAmy8AJ9xFyJSMmX2XN+lcWzsNNQT7cfR8QCggVOj\nKpG5DRbXaKAdrUMg5IeIS+s=\n=aWJX\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3119-1\nNovember 01, 2016\n\nbind9 vulnerability\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nBind could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nTony Finch and Marco Davids discovered that Bind incorrectly handled\ncertain responses containing a DNAME answer. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.10:\n bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1\n\nUbuntu 16.04 LTS:\n bind9 1:9.10.3.dfsg.P4-8ubuntu1.2\n\nUbuntu 14.04 LTS:\n bind9 1:9.9.5.dfsg-3ubuntu0.10\n\nUbuntu 12.04 LTS:\n bind9 1:9.8.1.dfsg.P1-4ubuntu0.19\n\nIn general, a standard system update will make all the necessary changes. 7.2) - ppc64, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK)\nrollover during October 2017. Maintaining an up-to-date KSK is essential\nfor ensuring that validating DNS resolvers continue to function following\nthe rollover. (BZ#1459648)\n\n4. \n\nRelease Date: 2017-01-27\nLast Updated: 2017-01-27\n\nPotential Security Impact: Remote: Denial of Service (DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS). \n\n - HP-UX BIND B.11.31 - BIND 9.9.4 prior to C.9.9.4.9.0\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-8864\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-9131\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-9444\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following software updates to resolve the vulnerability in the HP-UX BIND service running named. \n\n * BIND 9.9.4 for HP-UX Release B.11.31 (PA and IA)\n * Depot: HP_UX_11.31_HPUX-NameServer_C.9.9.4.9.0_HP-UX_B.11.31_IA_PA.depot\n\nNote: The depot files can be found here:\n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=BIND\u003e\n\n MANUAL ACTIONS: Yes - Update \n Download and install the software update\n \n PRODUCT SPECIFIC INFORMATION \n HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application \n that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins \n issued by HPE and lists recommended actions that may apply to a specific HP-UX \n system. It can also download patches and create a depot automatically. \nFor more information see:\n \n\u003chttps://h20392.www2.hpe.com/portal/swdepot/displayProductInfo.do?productNumb\nr=B6834AA\u003e\n The following text is for use by the HP-UX Software Assistant. \n\n AFFECTED VERSIONS\n\n HP-UX B.11.31 IA/PA \n =================== \n NameService.BIND-AUX \n NameService.BIND-RUN \n action: install C.9.9.4.9.0 or subsequent\n\nHISTORY\nVersion:1 (rev.1) - 28 January 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll BIND users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.10.4_p4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-8864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8864\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-26\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8864"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "BID",
"id": "94067"
},
{
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"db": "PACKETSTORM",
"id": "139496"
},
{
"db": "PACKETSTORM",
"id": "139541"
},
{
"db": "PACKETSTORM",
"id": "140046"
},
{
"db": "PACKETSTORM",
"id": "139461"
},
{
"db": "PACKETSTORM",
"id": "143169"
},
{
"db": "PACKETSTORM",
"id": "140943"
},
{
"db": "PACKETSTORM",
"id": "140436"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8864",
"trust": 3.5
},
{
"db": "ISC",
"id": "AA-01434",
"trust": 2.4
},
{
"db": "BID",
"id": "94067",
"trust": 2.0
},
{
"db": "ISC",
"id": "AA-01435",
"trust": 1.7
},
{
"db": "ISC",
"id": "AA-01437",
"trust": 1.7
},
{
"db": "ISC",
"id": "AA-01436",
"trust": 1.7
},
{
"db": "ISC",
"id": "AA-01438",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1037156",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92683474",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10785",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2016-8864",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139541",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140046",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139461",
"trust": 0.1
},
{
"db": "ISC",
"id": "AA-01440",
"trust": 0.1
},
{
"db": "ISC",
"id": "AA-01441",
"trust": 0.1
},
{
"db": "ISC",
"id": "AA-01466",
"trust": 0.1
},
{
"db": "ISC",
"id": "AA-01439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143169",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140943",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140436",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"db": "BID",
"id": "94067"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "PACKETSTORM",
"id": "139496"
},
{
"db": "PACKETSTORM",
"id": "139541"
},
{
"db": "PACKETSTORM",
"id": "140046"
},
{
"db": "PACKETSTORM",
"id": "139461"
},
{
"db": "PACKETSTORM",
"id": "143169"
},
{
"db": "PACKETSTORM",
"id": "140943"
},
{
"db": "PACKETSTORM",
"id": "140436"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"id": "VAR-201611-0348",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44401007833333334
},
"last_update_date": "2024-07-23T21:46:27.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure",
"trust": 0.8,
"url": "https://kb.isc.org/article/aa-01434"
},
{
"title": "ISC BIND Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65217"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162615 - security advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162141 - security advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162871 - security advisory"
},
{
"title": "Red Hat: Important: bind97 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162142 - security advisory"
},
{
"title": "Red Hat: Important: bind security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20171583 - security advisory"
},
{
"title": "Ubuntu Security Notice: bind9 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3119-1"
},
{
"title": "Debian Security Advisories: DSA-3703-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=25170e4c26eb5596b991447b2fe3f73c"
},
{
"title": "Arch Linux Advisories: [ASA-201611-3] bind: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201611-3"
},
{
"title": "Debian Security Advisories: DSA-3795-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e9e51aab92f45f9d888ad1ffc92c4f3d"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2017-3135: Assertion failure when using DNS64 and RPZ can lead to crash",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=81f60d35c70eaa48875e5b7abedb8f93"
},
{
"title": "Amazon Linux AMI: ALAS-2016-768",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-768"
},
{
"title": "Red Hat: CVE-2016-8864",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-8864"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2016-8864"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-6170: Improper restriction of zone size limit",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e02ec149f48761d28abbc8f9e7aa9438"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=242cf61148134d5daf6c6f211f3dc7b2"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-2775: A query name which is too long can cause a segmentation fault in lwresd",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=203ff59e2f48888eafac702f965368d2"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1b1bb9752a4b7727509a33fc1bcf30af"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=da9e0b6af817aa72c070683e0bb02db7"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9d0264b02e692c0714293a515e15b50a"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2016-2776: Assertion failure in query processing",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fdfc8fe346679f9224f550ec67083216"
},
{
"title": "Forcepoint Security Advisories: CVE-2016-8864 BIND Security Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=4a067339d3ba130473f82866197373b9"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=586e6062440cdd312211d748e028164e"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=21c0efa2643d707e2f50a501209eb75c"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=13f3551b67d913fba90df4b2c0dae0bf"
},
{
"title": "check_debsecan",
"trust": 0.1,
"url": "https://github.com/amd1212/check_debsecan "
},
{
"title": "Vision",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision "
},
{
"title": "Vision2",
"trust": 0.1,
"url": "https://github.com/coolervoid/vision2 "
},
{
"title": "bind9",
"trust": 0.1,
"url": "https://github.com/altinners/bind9 "
},
{
"title": "balabit-os-7-bind9",
"trust": 0.1,
"url": "https://github.com/balabit-deps/balabit-os-7-bind9 "
},
{
"title": "os-bind9",
"trust": 0.1,
"url": "https://github.com/pexip/os-bind9 "
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/redhatofficial/rhsecapi "
},
{
"title": "cve-pylib",
"trust": 0.1,
"url": "https://github.com/redhatproductsecurity/cve-pylib "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2017/04/13/monster_patch_day_for_juniper/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://kb.isc.org/article/aa-01434"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2871.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2615.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201701-26"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1583"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2142.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94067"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/article/aa-01438"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/article/aa-01437"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/article/aa-01436"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/article/aa-01435"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2016/dsa-3703"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05381687"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037156"
},
{
"trust": 1.7,
"url": "https://security.freebsd.org/advisories/freebsd-sa-16:34.bind.asc"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2016-2141.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8864"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2016/at160044.html"
},
{
"trust": 0.8,
"url": "https://www.nic.ad.jp/ja/topics/2016/20161102-01.html"
},
{
"trust": 0.8,
"url": "https://jprs.jp/tech/security/2016-11-02-bind9-vuln-dname.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92683474/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8864"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8864"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05381687"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-8864"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "http://www.isc.org/products/bind/"
},
{
"trust": 0.3,
"url": "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35322517.html?sr=59127107"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10785\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024402"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/bind_advisory14.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994505"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9131"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9444"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/617.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2016:2615"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3119-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49560"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.p1-4ubuntu0.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.9.5.dfsg-3ubuntu0.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-10.1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.2"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3119-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-9147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-9444"
},
{
"trust": 0.1,
"url": "https://kb.isc.org/article/aa-01441"
},
{
"trust": 0.1,
"url": "https://kb.isc.org/article/aa-01439"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-3137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9147"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-9131"
},
{
"trust": 0.1,
"url": "https://kb.isc.org/article/aa-01440"
},
{
"trust": 0.1,
"url": "https://kb.isc.org/article/aa-01466"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-8864"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"db": "BID",
"id": "94067"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "PACKETSTORM",
"id": "139496"
},
{
"db": "PACKETSTORM",
"id": "139541"
},
{
"db": "PACKETSTORM",
"id": "140046"
},
{
"db": "PACKETSTORM",
"id": "139461"
},
{
"db": "PACKETSTORM",
"id": "143169"
},
{
"db": "PACKETSTORM",
"id": "140943"
},
{
"db": "PACKETSTORM",
"id": "140436"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"db": "BID",
"id": "94067"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"db": "PACKETSTORM",
"id": "139496"
},
{
"db": "PACKETSTORM",
"id": "139541"
},
{
"db": "PACKETSTORM",
"id": "140046"
},
{
"db": "PACKETSTORM",
"id": "139461"
},
{
"db": "PACKETSTORM",
"id": "143169"
},
{
"db": "PACKETSTORM",
"id": "140943"
},
{
"db": "PACKETSTORM",
"id": "140436"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-02T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94067"
},
{
"date": "2016-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"date": "2016-11-02T20:15:40",
"db": "PACKETSTORM",
"id": "139496"
},
{
"date": "2016-11-04T20:10:20",
"db": "PACKETSTORM",
"id": "139541"
},
{
"date": "2016-12-06T16:56:18",
"db": "PACKETSTORM",
"id": "140046"
},
{
"date": "2016-11-01T22:21:46",
"db": "PACKETSTORM",
"id": "139461"
},
{
"date": "2017-06-28T20:19:00",
"db": "PACKETSTORM",
"id": "143169"
},
{
"date": "2017-02-06T17:16:00",
"db": "PACKETSTORM",
"id": "140943"
},
{
"date": "2017-01-11T18:55:42",
"db": "PACKETSTORM",
"id": "140436"
},
{
"date": "2016-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"date": "2016-11-02T17:59:00.187000",
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8864"
},
{
"date": "2017-05-02T03:10:00",
"db": "BID",
"id": "94067"
},
{
"date": "2016-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005674"
},
{
"date": "2020-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-898"
},
{
"date": "2020-08-17T17:44:23.360000",
"db": "NVD",
"id": "CVE-2016-8864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "139496"
},
{
"db": "PACKETSTORM",
"id": "139541"
},
{
"db": "PACKETSTORM",
"id": "140046"
},
{
"db": "PACKETSTORM",
"id": "139461"
},
{
"db": "PACKETSTORM",
"id": "143169"
},
{
"db": "PACKETSTORM",
"id": "140436"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ISC BIND of DNAME Vulnerability in processing response packets containing records",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005674"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-898"
}
],
"trust": 0.6
}
}
VAR-202208-2263
Vulnerability from variot - Updated: 2024-07-23 21:44When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. Haxx of cURL Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. A security vulnerability exists in curl versions 4.9 through 7.84. ========================================================================== Ubuntu Security Notice USN-5587-1 September 01, 2022
curl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
curl could be denied access to a HTTP(S) content if it recieved a specially crafted cookie.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that a HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.4 libcurl3-gnutls 7.81.0-1ubuntu1.4 libcurl3-nss 7.81.0-1ubuntu1.4 libcurl4 7.81.0-1ubuntu1.4
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.13 libcurl3-gnutls 7.68.0-1ubuntu2.13 libcurl3-nss 7.68.0-1ubuntu2.13 libcurl4 7.68.0-1ubuntu2.13
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.20 libcurl3-gnutls 7.58.0-2ubuntu3.20 libcurl3-nss 7.58.0-2ubuntu3.20 libcurl4 7.58.0-2ubuntu3.20
Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm5 libcurl3 7.47.0-1ubuntu2.19+esm5 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm5 libcurl3-nss 7.47.0-1ubuntu2.19+esm5
Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm12 libcurl3 7.35.0-1ubuntu2.20+esm12 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm12 libcurl3-nss 7.35.0-1ubuntu2.20+esm12
In general, a standard system update will make all the necessary changes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security Fix(es): * CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command * CVE-2023-32314 vm2: Sandbox Escape * CVE-2023-32313 vm2: Inspect Manipulation
- Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation for details on how to install the images:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online
- Bugs fixed (https://bugzilla.redhat.com/):
2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command 2208376 - CVE-2023-32314 vm2: Sandbox Escape 2208377 - CVE-2023-32313 vm2: Inspect Manipulation
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: curl security update Advisory ID: RHSA-2023:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2478 Issue date: 2023-05-09 CVE Names: CVE-2022-35252 CVE-2022-43552 ==================================================================== 1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: Incorrect handling of control code characters in cookies (CVE-2022-35252)
-
curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-devel-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm
ppc64le: curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-devel-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm
s390x: curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-devel-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm
x86_64: curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-devel-7.76.1-23.el9.i686.rpm libcurl-devel-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: curl-7.76.1-23.el9.src.rpm
aarch64: curl-7.76.1-23.el9.aarch64.rpm curl-debuginfo-7.76.1-23.el9.aarch64.rpm curl-debugsource-7.76.1-23.el9.aarch64.rpm curl-minimal-7.76.1-23.el9.aarch64.rpm curl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-7.76.1-23.el9.aarch64.rpm libcurl-debuginfo-7.76.1-23.el9.aarch64.rpm libcurl-minimal-7.76.1-23.el9.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm
ppc64le: curl-7.76.1-23.el9.ppc64le.rpm curl-debuginfo-7.76.1-23.el9.ppc64le.rpm curl-debugsource-7.76.1-23.el9.ppc64le.rpm curl-minimal-7.76.1-23.el9.ppc64le.rpm curl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-7.76.1-23.el9.ppc64le.rpm libcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-7.76.1-23.el9.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm
s390x: curl-7.76.1-23.el9.s390x.rpm curl-debuginfo-7.76.1-23.el9.s390x.rpm curl-debugsource-7.76.1-23.el9.s390x.rpm curl-minimal-7.76.1-23.el9.s390x.rpm curl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-7.76.1-23.el9.s390x.rpm libcurl-debuginfo-7.76.1-23.el9.s390x.rpm libcurl-minimal-7.76.1-23.el9.s390x.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm
x86_64: curl-7.76.1-23.el9.x86_64.rpm curl-debuginfo-7.76.1-23.el9.i686.rpm curl-debuginfo-7.76.1-23.el9.x86_64.rpm curl-debugsource-7.76.1-23.el9.i686.rpm curl-debugsource-7.76.1-23.el9.x86_64.rpm curl-minimal-7.76.1-23.el9.x86_64.rpm curl-minimal-debuginfo-7.76.1-23.el9.i686.rpm curl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-7.76.1-23.el9.i686.rpm libcurl-7.76.1-23.el9.x86_64.rpm libcurl-debuginfo-7.76.1-23.el9.i686.rpm libcurl-debuginfo-7.76.1-23.el9.x86_64.rpm libcurl-minimal-7.76.1-23.el9.i686.rpm libcurl-minimal-7.76.1-23.el9.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm libcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-43552 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx nN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB oxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su xFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh L1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy C6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL mGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB 27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT D75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17 r2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ /iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88 Yxf4bV/uBmU=HlZ2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This product release includes bug fixes and security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Description:
Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
- JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-10418 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace OCPBUGS-11831 - oc adm node-logs failing in vSphere CI OCPBUGS-15435 - Instance configurations fails on Windows Server 2019 without the container feature OCPBUGS-3572 - Check if Windows defender is running doesnt work OCPBUGS-4247 - Load balancer shows connectivity outage during Windows nodes upgrade OCPBUGS-5894 - Windows nodes do not get drained (deconfigure) during the upgrade process OCPBUGS-7726 - WMCO kubelet version not matching OCP payload's one OCPBUGS-8055 - containerd version is being misreported WINC-818 - Investigate if the Upgradeable condition is being tested in e2e suite WINC-823 - Test generated community manifests in WMCO e2e
- Description:
VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.
For more information about VolSync, see:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync
or the VolSync open source community website at: https://volsync.readthedocs.io/en/stable/.
Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode
- Bugs fixed (https://bugzilla.redhat.com/):
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode
- This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
-
Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3
macOS Monterey 12.6.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213604.
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: This issue was addressed by enabling hardened runtime. CVE-2023-23499: Wojciech Reguła (@_r3ggi) of SecuRing (wojciechregula.blog)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.86.0. CVE-2022-42915 CVE-2022-42916 CVE-2022-32221 CVE-2022-35260
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.85.0. CVE-2022-35252
dcerpc Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco Talos
DiskArbitration Available for: macOS Monterey Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)
DriverKit Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2023-23507: an anonymous researcher
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2023-23504: Adam Doupé of ASU SEFCOM
Kernel Available for: macOS Monterey Impact: An app may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)
PackageKit Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2023-23497: Mickey Jin (@patch1t)
Screen Time Available for: macOS Monterey Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)
Weather Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 248268 CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE WebKit Bugzilla: 248268 CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE
Windows Installer Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: The issue was addressed with improved memory handling. CVE-2023-23508: Mickey Jin (@patch1t)
Additional recognition
Kernel We would like to acknowledge Nick Stenning of Replicate for their assistance.
macOS Monterey 12.6.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6.3"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.85.0"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7.3"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0 that\u0027s all 11.7.3"
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "h700s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.0.0 that\u0027s all 12.6.3"
},
{
"model": "h500s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.85.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.7.3",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.6.3",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172378"
},
{
"db": "PACKETSTORM",
"id": "172587"
},
{
"db": "PACKETSTORM",
"id": "172195"
},
{
"db": "PACKETSTORM",
"id": "174021"
},
{
"db": "PACKETSTORM",
"id": "174080"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "176746"
}
],
"trust": 0.8
},
"cve": "CVE-2022-35252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35252",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-35252",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4523",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
},
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings. Haxx of cURL Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. A security vulnerability exists in curl versions 4.9 through 7.84. ==========================================================================\nUbuntu Security Notice USN-5587-1\nSeptember 01, 2022\n\ncurl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\ncurl could be denied access to a HTTP(S) content if it recieved\na specially crafted cookie. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nAxel Chong discovered that when curl accepted and sent back\ncookies containing control bytes that a HTTP(S) server might\nreturn a 400 (Bad Request Error) response. A malicious cookie\nhost could possibly use this to cause denial-of-service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\ncurl 7.81.0-1ubuntu1.4\nlibcurl3-gnutls 7.81.0-1ubuntu1.4\nlibcurl3-nss 7.81.0-1ubuntu1.4\nlibcurl4 7.81.0-1ubuntu1.4\n\nUbuntu 20.04 LTS:\ncurl 7.68.0-1ubuntu2.13\nlibcurl3-gnutls 7.68.0-1ubuntu2.13\nlibcurl3-nss 7.68.0-1ubuntu2.13\nlibcurl4 7.68.0-1ubuntu2.13\n\nUbuntu 18.04 LTS:\ncurl 7.58.0-2ubuntu3.20\nlibcurl3-gnutls 7.58.0-2ubuntu3.20\nlibcurl3-nss 7.58.0-2ubuntu3.20\nlibcurl4 7.58.0-2ubuntu3.20\n\nUbuntu 16.04 ESM:\ncurl 7.47.0-1ubuntu2.19+esm5\nlibcurl3 7.47.0-1ubuntu2.19+esm5\nlibcurl3-gnutls 7.47.0-1ubuntu2.19+esm5\nlibcurl3-nss 7.47.0-1ubuntu2.19+esm5\n\nUbuntu 14.04 ESM:\ncurl 7.35.0-1ubuntu2.20+esm12\nlibcurl3 7.35.0-1ubuntu2.20+esm12\nlibcurl3-gnutls 7.35.0-1ubuntu2.20+esm12\nlibcurl3-nss 7.35.0-1ubuntu2.20+esm12\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity Fix(es):\n* CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command\n* CVE-2023-32314 vm2: Sandbox Escape\n* CVE-2023-32313 vm2: Inspect Manipulation\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation for details on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command\n2208376 - CVE-2023-32314 vm2: Sandbox Escape\n2208377 - CVE-2023-32313 vm2: Inspect Manipulation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: curl security update\nAdvisory ID: RHSA-2023:2478-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2478\nIssue date: 2023-05-09\nCVE Names: CVE-2022-35252 CVE-2022-43552\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Incorrect handling of control code characters in cookies\n(CVE-2022-35252)\n\n* curl: Use-after-free triggered by an HTTP proxy deny response\n(CVE-2022-43552)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2120718 - CVE-2022-35252 curl: Incorrect handling of control code characters in cookies\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\ncurl-debuginfo-7.76.1-23.el9.aarch64.rpm\ncurl-debugsource-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-devel-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\ncurl-debugsource-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-devel-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-23.el9.s390x.rpm\ncurl-debugsource-7.76.1-23.el9.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-devel-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-debuginfo-7.76.1-23.el9.x86_64.rpm\ncurl-debugsource-7.76.1-23.el9.i686.rpm\ncurl-debugsource-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-devel-7.76.1-23.el9.i686.rpm\nlibcurl-devel-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\ncurl-7.76.1-23.el9.src.rpm\n\naarch64:\ncurl-7.76.1-23.el9.aarch64.rpm\ncurl-debuginfo-7.76.1-23.el9.aarch64.rpm\ncurl-debugsource-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-7.76.1-23.el9.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-7.76.1-23.el9.aarch64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-7.76.1-23.el9.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-23.el9.ppc64le.rpm\ncurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\ncurl-debugsource-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-7.76.1-23.el9.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-7.76.1-23.el9.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-7.76.1-23.el9.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-23.el9.s390x.rpm\ncurl-debuginfo-7.76.1-23.el9.s390x.rpm\ncurl-debugsource-7.76.1-23.el9.s390x.rpm\ncurl-minimal-7.76.1-23.el9.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-7.76.1-23.el9.s390x.rpm\nlibcurl-debuginfo-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-7.76.1-23.el9.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.s390x.rpm\n\nx86_64:\ncurl-7.76.1-23.el9.x86_64.rpm\ncurl-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-debuginfo-7.76.1-23.el9.x86_64.rpm\ncurl-debugsource-7.76.1-23.el9.i686.rpm\ncurl-debugsource-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-7.76.1-23.el9.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\ncurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-7.76.1-23.el9.i686.rpm\nlibcurl-7.76.1-23.el9.x86_64.rpm\nlibcurl-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-debuginfo-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-7.76.1-23.el9.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-23.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-43552\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo0V9zjgjWX9erEAQhmTw/9FUwLCGRKCmddNVTMAaay54EPggJFOPKx\nnN06YIqiK5arkX4SD58YZrX9J0gUZcwGs6s5WO35pG3F+qJXhe8E8fbzavqRG5NB\noxG+pDC5+6xQxK41tkuLYJoUhF1w4yG8SuMSzroLcpbut/MAjKGGw4qgyNGit1Su\nxFGrDTyFxtj+tUZIQCil0HAqlXswQ7G2ukB9kQBpxNRfR0V2ANfmfkkGj8+xWauh\nL1PcaDezNWgAbgWbuf3mHNiwDMxWsNfcwCbx3P8sF+vRe7q5RdIFNL1oXJkPxQVy\nC6L29KcaLYxToNmUNyrOncWAj8KSlrDngVq3NXnG34lVzqz2t/ouc/0lX4Jc9qTL\nmGwYoXvlTqQgV4hGQPfDufApaukxgZfcSidSfqlNt1amYYNiYcvIyf15dht87ipB\n27ahZWDKvunB4gqMG62XNHyiu9bKmDCyL57ggUBt3wxJ7H9M/OgjsI7C/i/10SMT\nD75GjYaU2TWyGLd4SvbV6/3pA3zAZ0Ffqc66uANwfBXC7jFd2/ykEBir3vJYTq17\nr2YWYgH2sma5kwb7ZHQhLKk+N2a0g1KX+Mr0V2wJ+yAYwkbz6wu/BVDXstBFkumJ\n/iKmtOn0Mk07wo/3wvWu5M4tk4kZzmLzs1/ybH3GWOUbFUxbqgOos3/0Vi/uSW88\nYxf4bV/uBmU=HlZ2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This product release includes bug fixes and security\nupdate for the following packages: windows-machine-config-operator and\nwindows-machine-config-operator-bundle. Description:\n\nRed Hat OpenShift support for Windows Containers allows you to deploy\nWindows container workloads running on Windows Server containers. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-10418 - Case sensitivity issue when label \"openshift.io/cluster-monitoring\" set to \u0027True\u0027 on openshift-windows-machine-config-operator namespace\nOCPBUGS-11831 - oc adm node-logs failing in vSphere CI\nOCPBUGS-15435 - Instance configurations fails on Windows Server 2019 without the container feature\nOCPBUGS-3572 - Check if Windows defender is running doesnt work\nOCPBUGS-4247 - Load balancer shows connectivity outage during Windows nodes upgrade\nOCPBUGS-5894 - Windows nodes do not get drained (deconfigure) during the upgrade process\nOCPBUGS-7726 - WMCO kubelet version not matching OCP payload\u0027s one\nOCPBUGS-8055 - containerd version is being misreported\nWINC-818 - Investigate if the Upgradeable condition is being tested in e2e suite\nWINC-823 - Test generated community manifests in WMCO e2e\n\n6. Description:\n\nVolSync is a Kubernetes operator that enables asynchronous replication of\npersistent volumes within a cluster, or across clusters. After deploying\nthe VolSync operator, it can create and maintain copies of your persistent\ndata. \n\nFor more information about VolSync, see:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync\n\nor the VolSync open source community website at:\nhttps://volsync.readthedocs.io/en/stable/. \n\nSecurity fix(es): * CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2212085 - CVE-2023-3089 openshift: OCP \u0026 FIPS mode\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. After installing the updated packages, the\nhttpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2023-01-23-5 macOS Monterey 12.6.3\n\nmacOS Monterey 12.6.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213604. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2023-23499: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n(wojciechregula.blog)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.86.0. \nCVE-2022-42915\nCVE-2022-42916\nCVE-2022-32221\nCVE-2022-35260\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.85.0. \nCVE-2022-35252\n\ndcerpc\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2023-23513: Dimitrios Tatsis and Aleksandar Nikolic of Cisco\nTalos\n\nDiskArbitration\nAvailable for: macOS Monterey\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23493: Oliver Norpoth (@norpoth) of KLIXX GmbH (klixx.com)\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2023-23507: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23504: Adam Doup\u00e9 of ASU SEFCOM\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. (@starlabs_sg)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2023-23497: Mickey Jin (@patch1t)\n\nScreen Time\nAvailable for: macOS Monterey\nImpact: An app may be able to access information about a user\u2019s\ncontacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2023-23505: Wojciech Regula of SecuRing (wojciechregula.blog)\n\nWeather\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an\nanonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nWebKit Bugzilla: 248268\nCVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\nWebKit Bugzilla: 248268\nCVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park\n(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),\nJunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE\n\nWindows Installer\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: The issue was addressed with improved memory handling. \nCVE-2023-23508: Mickey Jin (@patch1t)\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Nick Stenning of Replicate for their\nassistance. \n\nmacOS Monterey 12.6.3 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "VULHUB",
"id": "VHN-428403"
},
{
"db": "VULMON",
"id": "CVE-2022-35252"
},
{
"db": "PACKETSTORM",
"id": "168239"
},
{
"db": "PACKETSTORM",
"id": "172378"
},
{
"db": "PACKETSTORM",
"id": "172587"
},
{
"db": "PACKETSTORM",
"id": "172195"
},
{
"db": "PACKETSTORM",
"id": "174021"
},
{
"db": "PACKETSTORM",
"id": "174080"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170697"
},
{
"db": "PACKETSTORM",
"id": "176746"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35252",
"trust": 4.5
},
{
"db": "HACKERONE",
"id": "1613943",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "168239",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-075-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-131-05",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-12",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98195668",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99752892",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018757",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4523",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4375",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4374",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "170698",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-428403",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-35252",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174021",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174080",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170165",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170697",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176746",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-428403"
},
{
"db": "VULMON",
"id": "CVE-2022-35252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "PACKETSTORM",
"id": "168239"
},
{
"db": "PACKETSTORM",
"id": "172378"
},
{
"db": "PACKETSTORM",
"id": "172587"
},
{
"db": "PACKETSTORM",
"id": "172195"
},
{
"db": "PACKETSTORM",
"id": "174021"
},
{
"db": "PACKETSTORM",
"id": "174080"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170697"
},
{
"db": "PACKETSTORM",
"id": "176746"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
},
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"id": "VAR-202208-2263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-428403"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:44:51.339000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213604",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
},
{
"title": "curl Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=206230"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2022-35252: control code in cookie denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f071eb46e3ac96bc3c50d0406c2d0685"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jtmotox/docker-trivy "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-35252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2023/jan/20"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2023/jan/21"
},
{
"trust": 2.5,
"url": "https://hackerone.com/reports/1613943"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213603"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213604"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99752892/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98195668/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-05"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170698/apple-security-advisory-2023-01-23-6.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3060"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35252/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213604"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-cookies-control-codes-39156"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168239/ubuntu-security-notice-usn-5587-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4374"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4343"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4375"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-43552"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2023-0361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2023-27535"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-36227"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-1667"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-26604"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36227"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-2283"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27535"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1667"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26604"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24736"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2283"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831"
},
{
"trust": 0.1,
"url": "https://github.com/jtmotox/docker-trivy"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.20"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5587-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.13"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2963"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-43750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3239"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3707"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-22490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-32314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-32313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-28856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3567"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0394"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33655"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33655"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/install/installing#installing-while-connected-online"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42703"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-29007"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2478"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4488"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25173"
},
{
"trust": 0.1,
"url": "https://volsync.readthedocs.io/en/stable/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-38408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync-rep"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3089"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2023-001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-24329"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-3089"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23507"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23508"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213604."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23502"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:0428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0428.json"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-428403"
},
{
"db": "VULMON",
"id": "CVE-2022-35252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "PACKETSTORM",
"id": "168239"
},
{
"db": "PACKETSTORM",
"id": "172378"
},
{
"db": "PACKETSTORM",
"id": "172587"
},
{
"db": "PACKETSTORM",
"id": "172195"
},
{
"db": "PACKETSTORM",
"id": "174021"
},
{
"db": "PACKETSTORM",
"id": "174080"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170697"
},
{
"db": "PACKETSTORM",
"id": "176746"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
},
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-428403"
},
{
"db": "VULMON",
"id": "CVE-2022-35252"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"db": "PACKETSTORM",
"id": "168239"
},
{
"db": "PACKETSTORM",
"id": "172378"
},
{
"db": "PACKETSTORM",
"id": "172587"
},
{
"db": "PACKETSTORM",
"id": "172195"
},
{
"db": "PACKETSTORM",
"id": "174021"
},
{
"db": "PACKETSTORM",
"id": "174080"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170697"
},
{
"db": "PACKETSTORM",
"id": "176746"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
},
{
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-23T00:00:00",
"db": "VULHUB",
"id": "VHN-428403"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"date": "2022-09-02T15:21:41",
"db": "PACKETSTORM",
"id": "168239"
},
{
"date": "2023-05-16T17:09:54",
"db": "PACKETSTORM",
"id": "172378"
},
{
"date": "2023-05-26T14:34:05",
"db": "PACKETSTORM",
"id": "172587"
},
{
"date": "2023-05-09T15:14:58",
"db": "PACKETSTORM",
"id": "172195"
},
{
"date": "2023-08-07T15:59:32",
"db": "PACKETSTORM",
"id": "174021"
},
{
"date": "2023-08-09T15:56:32",
"db": "PACKETSTORM",
"id": "174080"
},
{
"date": "2022-12-08T21:28:44",
"db": "PACKETSTORM",
"id": "170166"
},
{
"date": "2022-12-08T21:28:21",
"db": "PACKETSTORM",
"id": "170165"
},
{
"date": "2022-12-19T13:48:31",
"db": "PACKETSTORM",
"id": "170303"
},
{
"date": "2023-01-24T16:41:07",
"db": "PACKETSTORM",
"id": "170697"
},
{
"date": "2024-01-26T15:24:15",
"db": "PACKETSTORM",
"id": "176746"
},
{
"date": "2022-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4523"
},
{
"date": "2022-09-23T14:15:12.323000",
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-428403"
},
{
"date": "2023-10-23T07:11:00",
"db": "JVNDB",
"id": "JVNDB-2022-018757"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4523"
},
{
"date": "2024-03-27T15:00:36.607000",
"db": "NVD",
"id": "CVE-2022-35252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Haxx\u00a0 of \u00a0cURL\u00a0 Vulnerabilities in Products from Other Vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018757"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4523"
}
],
"trust": 0.6
}
}
VAR-201907-1641
Vulnerability from variot - Updated: 2024-07-23 21:13In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Linux Kernel Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use this to expose sensitive information. (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. 8) - aarch64, noarch, ppc64le, s390x, x86_64
For the oldstable distribution (stretch), this problem has been fixed in version 4.9.168-1+deb9u4.
For the stable distribution (buster), this problem has been fixed in version 4.19.37-5+deb10u1. This update includes as well a patch for a regression introduced by the original fix for CVE-2019-11478 (#930904).
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0zJkBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SvYw/8CJrPtf7juWLaRa3m/LvFewU+BppoJqNaVUbQNXVT90PgH/zDWVbpkJ4g Tr4MW6tzRKnAfUS+jObsnR9jGo871ZZ2wtlcM3W0bMnCwK6tPnTGiqTauflPXf2X KW8V3YLI6W6MxPlSLa2EQkDJ/RfTke4SwQDFDX0lzYjC5LwCwDwKIWBC6P5xBg6w yxNh6PHv9++ES8SKYpU3oMlWG43fJZJ8Oyy7Wdk0H84Qcjxb8FDP2iWyRf0Mvb+5 1uFosUswfN89imMrIFdYhv/z7CYFeHgYA0lPIvQ1gpNWOflrGqoMYL1Pys95mVCV RdRBtWy2atPHos6HEgw85cxaTS9Ss9FYB0sL+QCqIdw5ZwTt5+QR+JLNvJ53VKEm BxE5TncjlEAOc9t74xti/vBW2eCjp7IPaMP8X8eqWKiaMGJBlwaJEPUSmL4SiZo+ cW1plAYxc0CYq4lDWo3fcR7tBMQfp1ffDYUNn3DXvHChF1Ebi3zIdGl+oSeNP8hW OuaH6/P+qko0S/TNXAK5uaekrzjYv2pWm6xoM10fMVXiT8GiyjIGmSTTu6WvaiCA ITdy+o/jAfBiQsdFer2MYUna8QxjOy3XClKsy9+yjrj8ciekC4nOPHdz3/CYfOha cojPRl2Qd2KSWfEUoze2IqPrr3iAnKFKH6a+WU1XQZuo6r3uo0Q= =fTIm -----END PGP SIGNATURE----- . 8) - x86_64
- ========================================================================= Ubuntu Security Notice USN-4117-1 September 02, 2019
linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems
Details:
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)
Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)
It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)
It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)
It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)
It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)
Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: linux-image-5.0.0-1014-aws 5.0.0-1014.16 linux-image-aws 5.0.0.1014.15
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4117-1 CVE-2019-10126, CVE-2019-10638, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-3846, CVE-2019-3900
Package Information: https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1014.16 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
New kernel packages are available for Slackware 14.2 to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.182/: Upgraded. These updates fix various bugs and many minor security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.183: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3892 Fixed in 4.4.185: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16597 Fixed in 4.4.186: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846 ( Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-smp-4.4.186_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186-noarch-1.txz
MD5 signatures: +-------------+
Slackware 14.2 packages: 01138ebc336b6e6d692697570bb32920 kernel-firmware-20190717_bf13a71-noarch-1.txz d7e0b9ffdc4265b45d4de39d49d52616 kernel-generic-4.4.186-i586-1.txz c1131f8dd16f7113cc8b1e14c402a9b7 kernel-generic-smp-4.4.186_smp-i686-1.txz ca4630c4ee7056c51f3262152bfb9213 kernel-headers-4.4.186_smp-x86-1.txz 61b95e68756fe9741ddbdc52f397fe49 kernel-huge-4.4.186-i586-1.txz ff981138513726a502d57f9e2aecad36 kernel-huge-smp-4.4.186_smp-i686-1.txz ca8f6fb5fc378d16e5afcee31dd032dc kernel-modules-4.4.186-i586-1.txz 25fc2f1280f1a706705ef4535f4efd1c kernel-modules-smp-4.4.186_smp-i686-1.txz 2d299723d6f910df1e8c21d18070b9ef kernel-source-4.4.186_smp-noarch-1.txz
Slackware x86_64 14.2 packages: 01138ebc336b6e6d692697570bb32920 kernel-firmware-20190717_bf13a71-noarch-1.txz 80caffb238022225afe93b957fecbff2 kernel-generic-4.4.186-x86_64-1.txz f72e4543e3489d18604f33a901e04551 kernel-headers-4.4.186-x86-1.txz 0765db332a94cfedcacd987871903e56 kernel-huge-4.4.186-x86_64-1.txz 8d565a7b223b9444731796e6147116eb kernel-modules-4.4.186-x86_64-1.txz 0254fdbb4430362ea373b47584d8eb30 kernel-source-4.4.186-noarch-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.186-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.186 | bash
Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.186-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.186 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-alt security, bug fix, and enhancement update Advisory ID: RHSA-2019:2809-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2809 Issue date: 2019-09-20 CVE Names: CVE-2019-5489 CVE-2019-6974 CVE-2019-13272 ==================================================================== 1. Summary:
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le
- Description:
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
-
Kernel: page cache side channel attacks (CVE-2019-5489)
-
Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)
-
kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
[kernel-alt]: BUG: unable to handle kernel NULL pointer IP: crypto_remove_spawns+0x118/0x2e0 (BZ#1536967)
-
[HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages (BZ#1610534)
-
RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1673613)
-
RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in FIPS mode (BZ#1673979)
-
RHEL-Alt-7.6 - System crashed after oom - During ICP deployment (BZ#1710304)
-
kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)
-
RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3 cores in quad and misses last core. (CORAL) (BZ#1717836)
-
RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN (BZ#1717906)
-
fragmented packets timing out (BZ#1729066)
-
Backport TCP follow-up for small buffers (BZ#1733617)
Enhancement(s):
-
RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading nest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1664110 - CVE-2019-5489 Kernel: page cache side channel attacks 1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() 1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME
- Package List:
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: kernel-alt-4.14.0-115.12.1.el7a.src.rpm
aarch64: kernel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm kernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm perf-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
noarch: kernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm
ppc64le: kernel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm perf-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
s390x: kernel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm kernel-devel-4.14.0-115.12.1.el7a.s390x.rpm kernel-headers-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm kernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm perf-4.14.0-115.12.1.el7a.s390x.rpm perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm python-perf-4.14.0-115.12.1.el7a.s390x.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm
noarch: kernel-doc-4.14.0-115.12.1.el7a.noarch.rpm
ppc64le: kernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm kernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm python-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXYS+G9zjgjWX9erEAQgWLQ/9E1IoTs6bpakJ6GIPIMJUeYDCRpXLRrHt CAdDGt7wQ2l5PUY2R98fiCs266c8Vaiqll6PDbFRDwHEI4gSkYnemdC3pdD/u1ct KEch6TBhUejC52t/Zvq2hrUItEj1oz35mVTv+cHHfX9HqVTdV+1SeOR+WoETy+I4 qdBKOSPybxtisp9fdczX0F3uzAfpHqCFVZ2OSvPJmDCZU20gjF+1h+HiyvS4iWT1 qrlMFQ1EliSMbjO/pCTj6PHIcOUNPg7tkx72s5E0qRd4Ja10nZ7QNUh8VGGHNQxb UYLfM7GojPgWx2UzjLo6EU5a9/Xuo6rwgTE5hKWGqZCm645RSv71tpTbdZJe6vnS cyzGIV7NtIvMF625LvimVBB/BSXZK3vYpSuBtcPnvKg2wAet83fIzQ4PtwBpzP7p NfFLvedXg2CRZIYbi5u6tzCqE2UKDpfvKWry8MyELDpt4b4iZEbHt0S4ZdfKzOvu ajvY2VuM414x0FZpWCEHFXT7dbcilf2ZBg0g0UgazRhumm9utfBsbmQz0fS7GcML Ef3YRj97YJPhGoeAQ8b+ox8Z+Q/J+/39smr94scd9FjhotlQgVh9zmd6c4IzisEE iwtg6J38bOHzXi9q3x3Fw4FTe6kUQHeOw9703w/EqojumKVCVCX6VoZ0tmAt720O ItDqWovzGmk=yv43 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1641",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "lt",
"trust": 1.8,
"vendor": "linux",
"version": "5.1.17"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.58"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "aff a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.2"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.60.3"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.16.71"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.1"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.133"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.16.52"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.1.39"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.185"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.40"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.185"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "h610s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.8.16"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.133",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.17",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.19.58",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.16.71",
"versionStartIncluding": "3.16.52",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.185",
"versionStartIncluding": "4.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2",
"versionStartIncluding": "4.1.39",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.185",
"versionStartIncluding": "4.4.40",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9",
"versionStartIncluding": "4.8.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.60.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Security Research, Ventsislav Varbanovski,Metasploit,nu11secur1ty,Jann Horn,bcoles",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-13272",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13272",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13272",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-13272",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
},
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit\u0027s pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. Linux Kernel Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use this\nto expose sensitive information. (CVE-2019-10126)\n\nAndrei Vlad Lutas and Dan Lutas discovered that some x86 processors\nincorrectly handle SWAPGS instructions during speculative execution. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 4.9.168-1+deb9u4. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 4.19.37-5+deb10u1. This update includes as well a patch for a\nregression introduced by the original fix for CVE-2019-11478 (#930904). \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0zJkBfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0SvYw/8CJrPtf7juWLaRa3m/LvFewU+BppoJqNaVUbQNXVT90PgH/zDWVbpkJ4g\nTr4MW6tzRKnAfUS+jObsnR9jGo871ZZ2wtlcM3W0bMnCwK6tPnTGiqTauflPXf2X\nKW8V3YLI6W6MxPlSLa2EQkDJ/RfTke4SwQDFDX0lzYjC5LwCwDwKIWBC6P5xBg6w\nyxNh6PHv9++ES8SKYpU3oMlWG43fJZJ8Oyy7Wdk0H84Qcjxb8FDP2iWyRf0Mvb+5\n1uFosUswfN89imMrIFdYhv/z7CYFeHgYA0lPIvQ1gpNWOflrGqoMYL1Pys95mVCV\nRdRBtWy2atPHos6HEgw85cxaTS9Ss9FYB0sL+QCqIdw5ZwTt5+QR+JLNvJ53VKEm\nBxE5TncjlEAOc9t74xti/vBW2eCjp7IPaMP8X8eqWKiaMGJBlwaJEPUSmL4SiZo+\ncW1plAYxc0CYq4lDWo3fcR7tBMQfp1ffDYUNn3DXvHChF1Ebi3zIdGl+oSeNP8hW\nOuaH6/P+qko0S/TNXAK5uaekrzjYv2pWm6xoM10fMVXiT8GiyjIGmSTTu6WvaiCA\nITdy+o/jAfBiQsdFer2MYUna8QxjOy3XClKsy9+yjrj8ciekC4nOPHdz3/CYfOha\ncojPRl2Qd2KSWfEUoze2IqPrr3iAnKFKH6a+WU1XQZuo6r3uo0Q=\n=fTIm\n-----END PGP SIGNATURE-----\n. 8) - x86_64\n\n3. =========================================================================\nUbuntu Security Notice USN-4117-1\nSeptember 02, 2019\n\nlinux-aws vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n\nDetails:\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. A remote attacker could use this to track particular Linux\ndevices. (CVE-2019-10638)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local attacker\ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A local\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the\nvirtio net driver in the Linux kernel. A local attacker in a guest VM could\npossibly use this to cause a denial of service in the host system. \n(CVE-2019-3900)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n linux-image-5.0.0-1014-aws 5.0.0-1014.16\n linux-image-aws 5.0.0.1014.15\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4117-1\n CVE-2019-10126, CVE-2019-10638, CVE-2019-12984, CVE-2019-13233,\n CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-3846,\n CVE-2019-3900\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1014.16\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)\n\nNew kernel packages are available for Slackware 14.2 to fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.182/*: Upgraded. \n These updates fix various bugs and many minor security issues. \n Be sure to upgrade your initrd after upgrading the kernel packages. \n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader. \n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition. \n For more information, see:\n Fixed in 4.4.183:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3892\n Fixed in 4.4.185:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13272\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16597\n Fixed in 4.4.186:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10126\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-generic-smp-4.4.186_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-huge-smp-4.4.186_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-modules-smp-4.4.186_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-firmware-20190717_bf13a71-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-generic-4.4.186-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-headers-4.4.186-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-huge-4.4.186-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-modules-4.4.186-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware66-14.2/patches/packages/linux-4.4.186/kernel-source-4.4.186-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n01138ebc336b6e6d692697570bb32920 kernel-firmware-20190717_bf13a71-noarch-1.txz\nd7e0b9ffdc4265b45d4de39d49d52616 kernel-generic-4.4.186-i586-1.txz\nc1131f8dd16f7113cc8b1e14c402a9b7 kernel-generic-smp-4.4.186_smp-i686-1.txz\nca4630c4ee7056c51f3262152bfb9213 kernel-headers-4.4.186_smp-x86-1.txz\n61b95e68756fe9741ddbdc52f397fe49 kernel-huge-4.4.186-i586-1.txz\nff981138513726a502d57f9e2aecad36 kernel-huge-smp-4.4.186_smp-i686-1.txz\nca8f6fb5fc378d16e5afcee31dd032dc kernel-modules-4.4.186-i586-1.txz\n25fc2f1280f1a706705ef4535f4efd1c kernel-modules-smp-4.4.186_smp-i686-1.txz\n2d299723d6f910df1e8c21d18070b9ef kernel-source-4.4.186_smp-noarch-1.txz\n\n\nSlackware x86_64 14.2 packages:\n01138ebc336b6e6d692697570bb32920 kernel-firmware-20190717_bf13a71-noarch-1.txz\n80caffb238022225afe93b957fecbff2 kernel-generic-4.4.186-x86_64-1.txz\nf72e4543e3489d18604f33a901e04551 kernel-headers-4.4.186-x86-1.txz\n0765db332a94cfedcacd987871903e56 kernel-huge-4.4.186-x86_64-1.txz\n8d565a7b223b9444731796e6147116eb kernel-modules-4.4.186-x86_64-1.txz\n0254fdbb4430362ea373b47584d8eb30 kernel-source-4.4.186-noarch-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.186-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.186 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.186-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.186 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. \n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel-alt security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:2809-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2809\nIssue date: 2019-09-20\nCVE Names: CVE-2019-5489 CVE-2019-6974 CVE-2019-13272\n====================================================================\n1. Summary:\n\nAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le\n\n3. Description:\n\nThe kernel-alt packages provide the Linux kernel version 4.x. \n\nSecurity Fix(es):\n\n* Kernel: page cache side channel attacks (CVE-2019-5489)\n\n* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n(CVE-2019-6974)\n\n* kernel: broken permission and object lifetime handling for PTRACE_TRACEME\n(CVE-2019-13272)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* [kernel-alt]: BUG: unable to handle kernel NULL pointer IP:\ncrypto_remove_spawns+0x118/0x2e0 (BZ#1536967)\n\n* [HPE Apache] update ssif max_xmit_msg_size limit for multi-part messages\n(BZ#1610534)\n\n* RHEL-Alt-7.6 - powerpc/pseries: Fix unitialized timer reset on migration\n/ powerpc/pseries/mobility: Extend start/stop topology update scope (LPM)\n(BZ#1673613)\n\n* RHEL-Alt-7.6 - s390: sha3_generic module fails and triggers panic when in\nFIPS mode (BZ#1673979)\n\n* RHEL-Alt-7.6 - System crashed after oom - During ICP deployment\n(BZ#1710304)\n\n* kernel-alt: Race condition in hashtables [rhel-alt-7.6.z] (BZ#1712127)\n\n* RHEL-Alt-7.6 - OP930:PM_Test:cpupower -r command set values for first 3\ncores in quad and misses last core. (CORAL) (BZ#1717836)\n\n* RHEL-Alt-7.6 - disable runtime NUMA remapping for PRRN/LPM/VPHN\n(BZ#1717906)\n\n* fragmented packets timing out (BZ#1729066)\n\n* Backport TCP follow-up for small buffers (BZ#1733617)\n\nEnhancement(s):\n\n* RHEL-Alt-7.6 - perfevent PMDA cannot create file descriptors for reading\nnest events using the perf API (pcp/kernel) (CORAL) (BZ#1723036)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1664110 - CVE-2019-5489 Kernel: page cache side channel attacks\n1671913 - CVE-2019-6974 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()\n1730895 - CVE-2019-13272 kernel: broken permission and object lifetime handling for PTRACE_TRACEME\n\n6. Package List:\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nkernel-alt-4.14.0-115.12.1.el7a.src.rpm\n\naarch64:\nkernel-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debug-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debug-devel-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-devel-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-headers-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-libs-4.14.0-115.12.1.el7a.aarch64.rpm\nperf-4.14.0-115.12.1.el7a.aarch64.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\npython-perf-4.14.0-115.12.1.el7a.aarch64.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\n\nnoarch:\nkernel-abi-whitelists-4.14.0-115.12.1.el7a.noarch.rpm\nkernel-doc-4.14.0-115.12.1.el7a.noarch.rpm\n\nppc64le:\nkernel-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-bootwrapper-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debug-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-devel-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-headers-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-libs-4.14.0-115.12.1.el7a.ppc64le.rpm\nperf-4.14.0-115.12.1.el7a.ppc64le.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\npython-perf-4.14.0-115.12.1.el7a.ppc64le.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\n\ns390x:\nkernel-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debug-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debug-devel-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-debuginfo-common-s390x-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-devel-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-headers-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-kdump-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-kdump-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\nkernel-kdump-devel-4.14.0-115.12.1.el7a.s390x.rpm\nperf-4.14.0-115.12.1.el7a.s390x.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\npython-perf-4.14.0-115.12.1.el7a.s390x.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.s390x.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\nkernel-tools-libs-devel-4.14.0-115.12.1.el7a.aarch64.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.aarch64.rpm\n\nnoarch:\nkernel-doc-4.14.0-115.12.1.el7a.noarch.rpm\n\nppc64le:\nkernel-debug-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debug-devel-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\nkernel-tools-libs-devel-4.14.0-115.12.1.el7a.ppc64le.rpm\nperf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\npython-perf-debuginfo-4.14.0-115.12.1.el7a.ppc64le.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYS+G9zjgjWX9erEAQgWLQ/9E1IoTs6bpakJ6GIPIMJUeYDCRpXLRrHt\nCAdDGt7wQ2l5PUY2R98fiCs266c8Vaiqll6PDbFRDwHEI4gSkYnemdC3pdD/u1ct\nKEch6TBhUejC52t/Zvq2hrUItEj1oz35mVTv+cHHfX9HqVTdV+1SeOR+WoETy+I4\nqdBKOSPybxtisp9fdczX0F3uzAfpHqCFVZ2OSvPJmDCZU20gjF+1h+HiyvS4iWT1\nqrlMFQ1EliSMbjO/pCTj6PHIcOUNPg7tkx72s5E0qRd4Ja10nZ7QNUh8VGGHNQxb\nUYLfM7GojPgWx2UzjLo6EU5a9/Xuo6rwgTE5hKWGqZCm645RSv71tpTbdZJe6vnS\ncyzGIV7NtIvMF625LvimVBB/BSXZK3vYpSuBtcPnvKg2wAet83fIzQ4PtwBpzP7p\nNfFLvedXg2CRZIYbi5u6tzCqE2UKDpfvKWry8MyELDpt4b4iZEbHt0S4ZdfKzOvu\najvY2VuM414x0FZpWCEHFXT7dbcilf2ZBg0g0UgazRhumm9utfBsbmQz0fS7GcML\nEf3YRj97YJPhGoeAQ8b+ox8Z+Q/J+/39smr94scd9FjhotlQgVh9zmd6c4IzisEE\niwtg6J38bOHzXi9q3x3Fw4FTe6kUQHeOw9703w/EqojumKVCVCX6VoZ0tmAt720O\nItDqWovzGmk=yv43\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "153972"
},
{
"db": "PACKETSTORM",
"id": "154045"
},
{
"db": "PACKETSTORM",
"id": "153699"
},
{
"db": "PACKETSTORM",
"id": "153970"
},
{
"db": "PACKETSTORM",
"id": "154316"
},
{
"db": "PACKETSTORM",
"id": "153702"
},
{
"db": "PACKETSTORM",
"id": "154553"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47133",
"trust": 0.3,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-13272"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13272",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "153702",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "153663",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "156929",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "154957",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "165051",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "154245",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006727",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4646",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2704",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4346",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4252",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4346.2",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50541",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47163",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47133",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-29592",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201907-809",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-13272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153972",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "153972"
},
{
"db": "PACKETSTORM",
"id": "154045"
},
{
"db": "PACKETSTORM",
"id": "153699"
},
{
"db": "PACKETSTORM",
"id": "153970"
},
{
"db": "PACKETSTORM",
"id": "154316"
},
{
"db": "PACKETSTORM",
"id": "153702"
},
{
"db": "PACKETSTORM",
"id": "154553"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
},
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"id": "VAR-201907-1641",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.25113124
},
"last_update_date": "2024-07-23T21:13:51.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ChangeLog-5.1.17",
"trust": 0.8,
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.1.17"
},
{
"title": "[SECURITY] [DLA 1862-1] linux security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"title": "[SECURITY] [DLA 1863-1] linux-4.9 security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"title": "DSA-4484",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4484"
},
{
"title": "FEDORA-2019-a95015e60f",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/"
},
{
"title": "ptrace: Fix -\u003eptracer_cred handling for PTRACE_TRACEME",
"trust": 0.8,
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"title": "Linux Kernel Archives",
"trust": 0.8,
"url": "http://www.kernel.org"
},
{
"title": "ptrace: Fix -\u003eptracer_cred handling for PTRACE_TRACEME",
"trust": 0.8,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192411 - security advisory"
},
{
"title": "Red Hat: Important: kernel-rt security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192405 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-4484-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f7aec913c227117e479ebfa6af2b1b9a"
},
{
"title": "Red Hat: CVE-2019-13272",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-13272"
},
{
"title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4093-1"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4095-1"
},
{
"title": "Ubuntu Security Notice: linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4117-1"
},
{
"title": "IBM: IBM Security Bulletin: Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272, CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d9cd8f6d11c68af77f2f2bd27ca37bed"
},
{
"title": "Ubuntu Security Notice: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4094-1"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (March 2021)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=afc44ca312a83d419e062241c4789aae"
},
{
"title": "Ubuntu Security Notice: linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4118-1"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "CVE-2019-13272 - Pkexec Local Privilege Escalation",
"trust": 0.1,
"url": "https://github.com/asepsaepdin/cve-2019-13272 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1903"
},
{
"trust": 2.4,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730895"
},
{
"trust": 2.4,
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1140671"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13272"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/165051/linux-kernel-5.1.x-ptrace_traceme-pkexec-local-privilege-escalation.html"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/153663/linux-ptrace_traceme-broken-permission-object-lifetime-handling.html"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/156929/linux-ptrace_traceme-local-root.html"
},
{
"trust": 2.2,
"url": "https://www.debian.org/security/2019/dsa-4484"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/153702/slackware-security-advisory-slackware-14.2-kernel-updates.html"
},
{
"trust": 2.2,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00023.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2411"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2405"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2809"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/154957/linux-polkit-pkexec-helper-ptrace_traceme-local-root.html"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20190806-0001/"
},
{
"trust": 1.6,
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.1.17"
},
{
"trust": 1.6,
"url": "https://support.f5.com/csp/article/k91025336"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00022.html"
},
{
"trust": 1.6,
"url": "https://seclists.org/bugtraq/2019/jul/30"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4094-1/"
},
{
"trust": 1.6,
"url": "https://seclists.org/bugtraq/2019/jul/33"
},
{
"trust": 1.6,
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4117-1/"
},
{
"trust": 1.6,
"url": "https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4093-1/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4095-1/"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/154245/kernel-live-patch-security-notice-lsn-0054-1.html"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k91025336?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13272"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ogrk5lywbj4e4sri4dkx367nhysi3voh/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k91025336?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html"
},
{
"trust": 0.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193255-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193252-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193249-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193248-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193247-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193260-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193261-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193263-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193246-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2704/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2749/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4646/"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-29592"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4346/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4252/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50541"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47133"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-ptrace-link-29820"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47163"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153663/linux-ptrace/traceme-broken-permission-object-lifetime-handling.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4346.2/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1125"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13272"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11599"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1125"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/4329821"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13233"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12984"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1054.61"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4095-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-159.187"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1122.128"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1090.101"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1118.127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5383"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4093-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1013.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1013.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-25.26~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1018.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1014.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.0.0-25.26"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1014.14"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4117-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14283"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1014.16"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16597"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3892"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16597"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3892"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11599"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5489"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "153972"
},
{
"db": "PACKETSTORM",
"id": "154045"
},
{
"db": "PACKETSTORM",
"id": "153699"
},
{
"db": "PACKETSTORM",
"id": "153970"
},
{
"db": "PACKETSTORM",
"id": "154316"
},
{
"db": "PACKETSTORM",
"id": "153702"
},
{
"db": "PACKETSTORM",
"id": "154553"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
},
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"db": "PACKETSTORM",
"id": "154044"
},
{
"db": "PACKETSTORM",
"id": "153972"
},
{
"db": "PACKETSTORM",
"id": "154045"
},
{
"db": "PACKETSTORM",
"id": "153699"
},
{
"db": "PACKETSTORM",
"id": "153970"
},
{
"db": "PACKETSTORM",
"id": "154316"
},
{
"db": "PACKETSTORM",
"id": "153702"
},
{
"db": "PACKETSTORM",
"id": "154553"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
},
{
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"date": "2019-08-13T17:45:06",
"db": "PACKETSTORM",
"id": "154044"
},
{
"date": "2019-08-07T20:11:10",
"db": "PACKETSTORM",
"id": "153972"
},
{
"date": "2019-08-13T17:45:15",
"db": "PACKETSTORM",
"id": "154045"
},
{
"date": "2019-07-20T19:11:11",
"db": "PACKETSTORM",
"id": "153699"
},
{
"date": "2019-08-07T20:10:41",
"db": "PACKETSTORM",
"id": "153970"
},
{
"date": "2019-09-02T23:48:33",
"db": "PACKETSTORM",
"id": "154316"
},
{
"date": "2019-07-22T09:32:22",
"db": "PACKETSTORM",
"id": "153702"
},
{
"date": "2019-09-20T15:08:09",
"db": "PACKETSTORM",
"id": "154553"
},
{
"date": "2019-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-809"
},
{
"date": "2019-07-17T13:15:10.687000",
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13272"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006727"
},
{
"date": "2021-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-809"
},
{
"date": "2023-11-07T03:03:48.947000",
"db": "NVD",
"id": "CVE-2019-13272"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "154045"
},
{
"db": "PACKETSTORM",
"id": "153699"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Kernel Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006727"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-809"
}
],
"trust": 0.6
}
}
VAR-202108-2221
Vulnerability from variot - Updated: 2024-07-23 21:13curl supports the -t command line option, known as CURLOPT_TELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending NEW_ENV variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. A has been found in curl. The fix for CVE-2021-22898 doesn't remedy the vulnerability. The highest threat from this vulnerability is to confidentiality. Description:
Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:
-
- Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
installPlanApprovalset toAutomatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting forinstallPlanApprovaltomanual, then you must view each cluster to manually approve the upgrade to the operator.
- Upgrade gatekeeper operator:
The gatekeeper operator that is installed by the gatekeeper operator policy
has
-
- Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'. Bugs fixed (https://bugzilla.redhat.com/):
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements
- Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 =====================================================================
- Summary:
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:
OpenShift Dedicated support
RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.
-
Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS.
-
Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds.
-
Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria.
Security Fix(es):
-
civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304)
-
nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
-
nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)
-
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
-
helm: information disclosure vulnerability (CVE-2021-32690)
-
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fixes The release of RHACS 3.67 includes the following bug fixes:
-
Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed.
-
Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.
System changes The release of RHACS 3.67 includes the following system changes:
- Scanner now identifies vulnerabilities in Ubuntu 21.10 images.
- The Port exposure method policy criteria now include route as an exposure method.
- The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation.
- The OpenShift Compliance Operator integration now supports using TailoredProfiles.
- The RHACS Jenkins plugin now provides additional security information.
- When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values.
- The default uid:gid pair for the Scanner image is now 65534:65534.
- RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes.
- If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies.
- In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode.
- You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check
-
You can now use a regular expression for the deployment name while specifying policy exclusions
-
Solution:
To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67.
- Bugs fixed (https://bugzilla.redhat.com/):
1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
- JIRA issues fixed (https://issues.jboss.org/):
RHACS-65 - Release RHACS 3.67.0
- References:
https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
- Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
- Summary:
An update is now available for OpenShift Logging 5.2. Description:
Openshift Logging Bug Fix Release (5.2.3)
Security Fix(es):
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1857 - OpenShift Alerting Rules Style-Guide Compliance LOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM LOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.7"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.5"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.4"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.26"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.78.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.1.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.35"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.3.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.78.0",
"versionStartIncluding": "7.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.26",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.35",
"versionStartIncluding": "5.7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "165002"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-381399",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22925",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1582",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-381399",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. A has been found in curl. The fix for CVE-2021-22898 doesn\u0027t remedy the vulnerability. The highest threat from this vulnerability is to confidentiality. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include\nsecurity updates, and container upgrades. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n- - Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n- - Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ACS 3.67 security and enhancement update\nAdvisory ID: RHSA-2021:4902-01\nProduct: RHACS\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4902\nIssue date: 2021-12-01\nCVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 \n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 \n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 \n CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 \n CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 \n CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 \n CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 \n CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 \n CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 \n CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 \n CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 \n CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 \n CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 \n CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 \n=====================================================================\n\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThe release of RHACS 3.67 provides the following new features, bug fixes,\nsecurity patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on\nAmazon Web Services and Google Cloud Platform. \n\n1. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in\nOpenShift OAuth server as an identity provider for RHACS. \n\n2. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now\nshow additional detailed information about the vulnerabilities and the\nsecurity policies responsible for broken builds. \n\n3. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that\nmay be used to run a pod\u2019s containers using the Runtime Class policy\ncriteria. \n\nSecurity Fix(es):\n\n* civetweb: directory traversal when using the built-in example HTTP\nform-based file upload mechanism via the mg_handle_form_request API\n(CVE-2020-27304)\n\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n\n* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)\n\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration,\nRHACS did not respect or populate Compliance Operator TailoredProfiles. \nThis has been fixed. \n\n2. Previously, the Alpine Linux package manager (APK) in Image policy\nlooked for the presence of apk package in the image rather than the\napk-tools package. This issue has been fixed. \n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. \n2. The Port exposure method policy criteria now include route as an\nexposure method. \n3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the\nOpenShift Compliance Operator to check for the existence of the Kubeadmin\nsecret without creating a violation. \n4. The OpenShift Compliance Operator integration now supports using\nTailoredProfiles. \n5. The RHACS Jenkins plugin now provides additional security information. \n6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for\nCentral, the logs contain the Request URI and X-Forwarded-For header\nvalues. \n7. The default uid:gid pair for the Scanner image is now 65534:65534. \n8. RHACS adds a new default Scope Manager role that includes minimum\npermissions to create and modify access scopes. \n9. If microdnf is part of an image or shows up in process execution, RHACS\nreports it as a security violation for the Red Hat Package Manager in Image\nor the Red Hat Package Manager Execution security policies. \n10. In addition to manually uploading vulnerability definitions in offline\nmode, you can now upload definitions in online mode. \n11. You can now format the output of the following roxctl CLI commands in\ntable, csv, or JSON format: image scan, image check \u0026 deployment check\n12. You can now use a regular expression for the deployment name while\nspecifying policy exclusions\n\n3. Solution:\n\nTo take advantage of these new features, fixes and changes, please upgrade\nRed Hat Advanced Cluster Security for Kubernetes to version 3.67. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-65 - Release RHACS 3.67.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-27304\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3801\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23343\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-29923\nhttps://access.redhat.com/security/cve/CVE-2021-32690\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-39293\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr\nKjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w\ntKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e\nlq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV\nx4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2\ne8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK\nqnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz\nvguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt\nG4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT\nPTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/\npJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN\nT0pPNmsPGZY=\n=ux5P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Solution:\n\nFor details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5. Summary:\n\nAn update is now available for OpenShift Logging 5.2. Description:\n\nOpenshift Logging Bug Fix Release (5.2.3)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1857 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM\nLOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22925"
},
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "VULMON",
"id": "CVE-2021-22925"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "165002"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22925",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.7
},
{
"db": "HACKERONE",
"id": "1223882",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166489",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165002",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165129",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165096",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165209",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165862",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166308",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165633",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164886",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165758",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164249",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163637",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3935",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4172",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0716",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4095",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4059",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4254",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3748",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0493",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2526",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0394",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3101.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111131",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080210",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072814",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166309",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22925",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "VULMON",
"id": "CVE-2021-22925"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"id": "VAR-202108-2221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:13:18.214000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Arch Linux Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=158024"
},
{
"title": "Red Hat: CVE-2021-22925",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-22925"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-22925 log"
},
{
"title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-61"
},
{
"title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-60"
},
{
"title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-64"
},
{
"title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-62"
},
{
"title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-63"
},
{
"title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-59"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22925"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210902-0003/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212804"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212805"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/39"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/sep/40"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1223882"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164886/red-hat-security-advisory-2021-4511-03.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111131"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-information-disclosure-via-telnet-stack-contents-35956"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170303/gentoo-linux-security-advisory-202212-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1071"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3748"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165862/red-hat-security-advisory-2022-0434-05.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072814"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165633/ubuntu-security-notice-usn-5021-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080210"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0716"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165129/red-hat-security-advisory-2021-4902-06.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3101.2"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212805"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166489/red-hat-security-advisory-2022-1081-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212804"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0394"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0493"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2526"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3935"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072212"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6495407"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4229"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165002/red-hat-security-advisory-2021-4032-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4059"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2473"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166051/red-hat-security-advisory-2022-0580-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163637/ubuntu-security-notice-usn-5021-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166789/red-hat-security-advisory-2022-1396-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4254"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165758/red-hat-security-advisory-2022-0318-06.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4095"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4172"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1837"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166308/red-hat-security-advisory-2022-0842-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1081"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5128"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4032"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "VULMON",
"id": "CVE-2021-22925"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381399"
},
{
"db": "VULMON",
"id": "CVE-2021-22925"
},
{
"db": "PACKETSTORM",
"id": "166489"
},
{
"db": "PACKETSTORM",
"id": "165286"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
},
{
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381399"
},
{
"date": "2022-03-28T15:52:16",
"db": "PACKETSTORM",
"id": "166489"
},
{
"date": "2021-12-15T15:20:33",
"db": "PACKETSTORM",
"id": "165286"
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2021-12-02T16:06:16",
"db": "PACKETSTORM",
"id": "165129"
},
{
"date": "2021-11-30T14:44:48",
"db": "PACKETSTORM",
"id": "165099"
},
{
"date": "2021-11-17T15:25:40",
"db": "PACKETSTORM",
"id": "165002"
},
{
"date": "2021-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1582"
},
{
"date": "2021-08-05T21:15:11.467000",
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-381399"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1582"
},
{
"date": "2024-03-27T15:11:42.063000",
"db": "NVD",
"id": "CVE-2021-22925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arch Linux Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1582"
}
],
"trust": 0.6
}
}
VAR-202012-1277
Vulnerability from variot - Updated: 2024-07-23 21:07A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl's FTP PASV Responses. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1328 - Port fix to 5.0.z for BZ-1945168
- This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
-
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
-
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):
1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.13 bug fix and security update Advisory ID: RHSA-2021:2121-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2121 Issue date: 2021-06-01 CVE Names: CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 CVE-2021-25215 CVE-2021-30465 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.7.13 is now available with updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- References:
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14344 https://access.redhat.com/security/cve/CVE-2020-14345 https://access.redhat.com/security/cve/CVE-2020-14346 https://access.redhat.com/security/cve/CVE-2020-14347 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-14360 https://access.redhat.com/security/cve/CVE-2020-14361 https://access.redhat.com/security/cve/CVE-2020-14362 https://access.redhat.com/security/cve/CVE-2020-14363 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-25712 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-21642 https://access.redhat.com/security/cve/CVE-2021-21643 https://access.redhat.com/security/cve/CVE-2021-21644 https://access.redhat.com/security/cve/CVE-2021-21645 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-30465 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM yj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6 TZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai Kkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir ZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx CGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ ++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5 3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL 5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z gMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV GpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL PEh85hYKLe4= =Xe05 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
- ========================================================================== Ubuntu Security Notice USN-4665-2 December 09, 2020
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV responses. (CVE-2020-8284)
It was discovered that curl incorrectly handled FTP wildcard matchins. A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm6 libcurl3 7.35.0-1ubuntu2.20+esm6 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6 libcurl3-nss 7.35.0-1ubuntu2.20+esm6
Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.29 libcurl3 7.22.0-3ubuntu4.29 libcurl3-gnutls 7.22.0-3ubuntu4.29 libcurl3-nss 7.22.0-3ubuntu4.29
In general, a standard system update will make all the necessary changes.
CVE-2020-8177
sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.
CVE-2020-8231
Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.
CVE-2020-8285
xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).
CVE-2020-8286
It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.
CVE-2021-22876
Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.
CVE-2021-22890
Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,
libcurl could confuse session tickets arriving from the HTTPS proxy
as if they arrived from the remote server instead. This could allow
an HTTPS proxy to trick libcurl into using the wrong session ticket
for the host and thereby circumvent the server TLS certificate check.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.73.0"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "hci bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.73.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162629"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
}
],
"trust": 0.6
},
"cve": "CVE-2020-8284",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-186409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8284",
"trust": 1.0,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-186409",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186409"
},
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. HAXX Haxx curl is a set of file transfer tools that use the URL syntax to work under the command line of the Swedish Haxx (HAXX) company. The tool supports file upload and download and includes a libcurl (client URL transfer library) for program development. There is a security vulnerability in Haxx curl FTP PASV Responses. Attackers can use this vulnerability to bypass data access restrictions and obtain sensitive information through curl\u0027s FTP PASV Responses. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1328 - Port fix to 5.0.z for BZ-1945168\n\n6. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.7.13 bug fix and security update\nAdvisory ID: RHSA-2021:2121-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2121\nIssue date: 2021-06-01\nCVE Names: CVE-2016-10228 CVE-2019-2708 CVE-2019-3842 \n CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 \n CVE-2019-18811 CVE-2019-19523 CVE-2019-19528 \n CVE-2019-25013 CVE-2019-25032 CVE-2019-25034 \n CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 \n CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 \n CVE-2019-25041 CVE-2019-25042 CVE-2020-0431 \n CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 \n CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 \n CVE-2020-9951 CVE-2020-9983 CVE-2020-10543 \n CVE-2020-10878 CVE-2020-11608 CVE-2020-12114 \n CVE-2020-12362 CVE-2020-12464 CVE-2020-13434 \n CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 \n CVE-2020-14314 CVE-2020-14344 CVE-2020-14345 \n CVE-2020-14346 CVE-2020-14347 CVE-2020-14356 \n CVE-2020-14360 CVE-2020-14361 CVE-2020-14362 \n CVE-2020-14363 CVE-2020-15358 CVE-2020-15437 \n CVE-2020-15586 CVE-2020-16845 CVE-2020-24330 \n CVE-2020-24331 CVE-2020-24332 CVE-2020-24394 \n CVE-2020-24977 CVE-2020-25212 CVE-2020-25284 \n CVE-2020-25285 CVE-2020-25643 CVE-2020-25659 \n CVE-2020-25704 CVE-2020-25712 CVE-2020-26116 \n CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 \n CVE-2020-27783 CVE-2020-27786 CVE-2020-27835 \n CVE-2020-28196 CVE-2020-28935 CVE-2020-28974 \n CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 \n CVE-2020-35508 CVE-2020-36242 CVE-2020-36322 \n CVE-2021-0342 CVE-2021-3121 CVE-2021-3177 \n CVE-2021-3326 CVE-2021-21642 CVE-2021-21643 \n CVE-2021-21644 CVE-2021-21645 CVE-2021-23336 \n CVE-2021-25215 CVE-2021-30465 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.13 is now available with\nupdates to packages and images that fix several bugs. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-18811\nhttps://access.redhat.com/security/cve/CVE-2019-19523\nhttps://access.redhat.com/security/cve/CVE-2019-19528\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2019-25032\nhttps://access.redhat.com/security/cve/CVE-2019-25034\nhttps://access.redhat.com/security/cve/CVE-2019-25035\nhttps://access.redhat.com/security/cve/CVE-2019-25036\nhttps://access.redhat.com/security/cve/CVE-2019-25037\nhttps://access.redhat.com/security/cve/CVE-2019-25038\nhttps://access.redhat.com/security/cve/CVE-2019-25039\nhttps://access.redhat.com/security/cve/CVE-2019-25040\nhttps://access.redhat.com/security/cve/CVE-2019-25041\nhttps://access.redhat.com/security/cve/CVE-2019-25042\nhttps://access.redhat.com/security/cve/CVE-2020-0431\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-11608\nhttps://access.redhat.com/security/cve/CVE-2020-12114\nhttps://access.redhat.com/security/cve/CVE-2020-12362\nhttps://access.redhat.com/security/cve/CVE-2020-12464\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-14314\nhttps://access.redhat.com/security/cve/CVE-2020-14344\nhttps://access.redhat.com/security/cve/CVE-2020-14345\nhttps://access.redhat.com/security/cve/CVE-2020-14346\nhttps://access.redhat.com/security/cve/CVE-2020-14347\nhttps://access.redhat.com/security/cve/CVE-2020-14356\nhttps://access.redhat.com/security/cve/CVE-2020-14360\nhttps://access.redhat.com/security/cve/CVE-2020-14361\nhttps://access.redhat.com/security/cve/CVE-2020-14362\nhttps://access.redhat.com/security/cve/CVE-2020-14363\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15437\nhttps://access.redhat.com/security/cve/CVE-2020-15586\nhttps://access.redhat.com/security/cve/CVE-2020-16845\nhttps://access.redhat.com/security/cve/CVE-2020-24330\nhttps://access.redhat.com/security/cve/CVE-2020-24331\nhttps://access.redhat.com/security/cve/CVE-2020-24332\nhttps://access.redhat.com/security/cve/CVE-2020-24394\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25212\nhttps://access.redhat.com/security/cve/CVE-2020-25284\nhttps://access.redhat.com/security/cve/CVE-2020-25285\nhttps://access.redhat.com/security/cve/CVE-2020-25643\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25704\nhttps://access.redhat.com/security/cve/CVE-2020-25712\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-27786\nhttps://access.redhat.com/security/cve/CVE-2020-27835\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-28935\nhttps://access.redhat.com/security/cve/CVE-2020-28974\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-35508\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2020-36322\nhttps://access.redhat.com/security/cve/CVE-2021-0342\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-21642\nhttps://access.redhat.com/security/cve/CVE-2021-21643\nhttps://access.redhat.com/security/cve/CVE-2021-21644\nhttps://access.redhat.com/security/cve/CVE-2021-21645\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-30465\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM\nyj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6\nTZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai\nKkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir\nZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx\nCGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ\n++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5\n3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL\n5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z\ngMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV\nGpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL\nPEh85hYKLe4=\n=Xe05\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. ==========================================================================\nUbuntu Security Notice USN-4665-2\nDecember 09, 2020\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Varnavas Papaioannou discovered that curl incorrectly handled FTP PASV\n responses. (CVE-2020-8284)\n\n It was discovered that curl incorrectly handled FTP wildcard matchins. A\n remote attacker could possibly use this issue to cause curl to consume\n resources and crash, resulting in a denial of service. (CVE-2020-8285)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n curl 7.35.0-1ubuntu2.20+esm6\n libcurl3 7.35.0-1ubuntu2.20+esm6\n libcurl3-gnutls 7.35.0-1ubuntu2.20+esm6\n libcurl3-nss 7.35.0-1ubuntu2.20+esm6\n\nUbuntu 12.04 ESM:\n curl 7.22.0-3ubuntu4.29\n libcurl3 7.22.0-3ubuntu4.29\n libcurl3-gnutls 7.22.0-3ubuntu4.29\n libcurl3-nss 7.22.0-3ubuntu4.29\n\nIn general, a standard system update will make all the necessary changes. \n\nCVE-2020-8177\n\n sn reported that curl could be tricked by a malicious server into\n overwriting a local file when using th -J (--remote-header-name) and\n -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n Marc Aldorasi reported that libcurl might use the wrong connection\n when an application using libcurl\u0027s multi API sets the option\n CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8285\n\n xnynx reported that libcurl could run out of stack space when using\n tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n It was reported that libcurl didn\u0027t verify that an OCSP response\n actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n Viktor Szakats reported that libcurl does not strip off user\n credentials from the URL when automatically populating the Referer\n HTTP request header field in outgoing HTTP requests. \n\nCVE-2021-22890\n\n Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,\n libcurl could confuse session tickets arriving from the HTTPS proxy\n as if they arrived from the remote server instead. This could allow\n an HTTPS proxy to trick libcurl into using the wrong session ticket\n for the host and thereby circumvent the server TLS certificate check. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8284"
},
{
"db": "VULHUB",
"id": "VHN-186409"
},
{
"db": "PACKETSTORM",
"id": "162629"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "160436"
},
{
"db": "PACKETSTORM",
"id": "169015"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8284",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "HACKERONE",
"id": "1040166",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "160436",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162629",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160423",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186409",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169015",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186409"
},
{
"db": "PACKETSTORM",
"id": "162629"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "160436"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"id": "VAR-202012-1277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186409"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T21:07:50.790000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186409"
},
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212326"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212327"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"trust": 1.1,
"url": "https://curl.se/docs/cve-2020-8284.html"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1040166"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14347"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25712"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14360"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14345"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14344"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14346"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12114"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14356"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27786"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25643"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0431"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0342"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35508"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28974"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15437"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11608"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21642"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4665-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4665-2"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186409"
},
{
"db": "PACKETSTORM",
"id": "162629"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "160436"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186409"
},
{
"db": "PACKETSTORM",
"id": "162629"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "160436"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-186409"
},
{
"date": "2021-05-19T13:56:56",
"db": "PACKETSTORM",
"id": "162629"
},
{
"date": "2021-05-27T13:28:54",
"db": "PACKETSTORM",
"id": "162837"
},
{
"date": "2021-06-17T18:01:23",
"db": "PACKETSTORM",
"id": "163193"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-06-01T14:45:29",
"db": "PACKETSTORM",
"id": "162877"
},
{
"date": "2021-08-11T16:15:17",
"db": "PACKETSTORM",
"id": "163789"
},
{
"date": "2020-12-10T16:02:10",
"db": "PACKETSTORM",
"id": "160436"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169015"
},
{
"date": "2020-12-14T20:15:13.903000",
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-186409"
},
{
"date": "2024-04-08T22:50:54.947000",
"db": "NVD",
"id": "CVE-2020-8284"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-1610-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "162629"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "163188"
}
],
"trust": 0.1
}
}
VAR-201801-1712
Vulnerability from variot - Updated: 2024-07-23 21:03Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:
Image Updates for RHV-H - noarch
- These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. ========================================================================== Ubuntu Security Notice USN-3540-2 January 23, 2018
linux-lts-xenial, linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were addressed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Spectre. (CVE-2017-5715, CVE-2017-5753)
USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.4.0-1011-aws 4.4.0-1011.11 linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1 linux-image-aws 4.4.0.1011.11 linux-image-generic-lts-xenial 4.4.0.111.95 linux-image-lowlatency-lts-xenial 4.4.0.111.95 linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95 linux-image-powerpc-smp-lts-xenial 4.4.0.111.95 linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95 linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95
Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4187-1 security@debian.org https://www.debian.org/security/ Ben Hutchings May 01, 2018 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753 CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004 CVE-2018-1000199
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2015-9016
Ming Lei reported a race condition in the multiqueue block layer
(blk-mq). On a system with a driver using blk-mq (mtip32xx,
null_blk, or virtio_blk), a local user might be able to use this
for denial of service or possibly for privilege escalation.
CVE-2017-0861
Robb Glasser reported a potential use-after-free in the ALSA (sound)
PCM core. We believe this was not possible in practice.
CVE-2017-5715
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.
CVE-2017-5753
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.
More use sites will be added over time.
CVE-2017-13166
A bug in the 32-bit compatibility layer of the v4l2 ioctl handling
code has been found. Memory protections ensuring user-provided
buffers always point to userland memory were disabled, allowing
destination addresses to be in kernel space. On a 64-bit kernel a
local user with access to a suitable video device can exploit this
to overwrite kernel memory, leading to privilege escalation.
CVE-2017-13220
Al Viro reported that the Bluetooth HIDP implementation could
dereference a pointer before performing the necessary type check.
A local user could use this to cause a denial of service.
CVE-2017-16526
Andrey Konovalov reported that the UWB subsystem may dereference
an invalid pointer in an error case. A local user might be able
to use this for denial of service.
CVE-2017-16911
Secunia Research reported that the USB/IP vhci_hcd driver exposed
kernel heap addresses to local users.
CVE-2017-16912
Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to an out-of-bounds read. A remote user able to connect to the
USB/IP server could use this for denial of service.
CVE-2017-16913
Secunia Research reported that the USB/IP stub driver failed to
perform a range check on a received packet header field, leading
to excessive memory allocation. A remote user able to connect to
the USB/IP server could use this for denial of service.
CVE-2017-16914
Secunia Research reported that the USB/IP stub driver failed to
check for an invalid combination of fields in a received packet,
leading to a null pointer dereference. A remote user able to
connect to the USB/IP server could use this for denial of service.
CVE-2017-18017
Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module
failed to validate TCP header lengths, potentially leading to a
use-after-free. If this module is loaded, it could be used by a
remote attacker for denial of service or possibly for code
execution.
CVE-2017-18203
Hou Tao reported that there was a race condition in creation and
deletion of device-mapper (DM) devices. A local user could
potentially use this for denial of service.
CVE-2017-18216
Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference. A local user
could use this for denial of service.
CVE-2017-18232
Jason Yan reported a race condition in the SAS (Serial-Attached
SCSI) subsystem, between probing and destroying a port. This
could lead to a deadlock. A physically present attacker could
use this to cause a denial of service.
CVE-2017-18241
Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used.
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.
CVE-2018-1066
Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation. This could be used
by a malicious server for denial of service.
CVE-2018-1068
The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.
CVE-2018-1092
Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted. A local user able
to mount arbitrary filesystems could use this for denial of
service.
CVE-2018-5332
Mohamed Ghannam reported that the RDS protocol did not
sufficiently validate RDMA requests, leading to an out-of-bounds
write. A local attacker on a system with the rds module loaded
could use this for denial of service or possibly for privilege
escalation.
CVE-2018-5333
Mohamed Ghannam reported that the RDS protocol did not properly
handle an error case, leading to a null pointer dereference. A
local attacker on a system with the rds module loaded could
possibly use this for denial of service.
CVE-2018-5750
Wang Qize reported that the ACPI sbshc driver logged a kernel heap
address.
CVE-2018-5803
Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created. A local or remote user could
use this to cause a denial of service.
CVE-2018-6927
Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did
not check for negative parameter values, which might lead to a
denial of service or other security impact.
CVE-2018-7492
The syzkaller tool found that the RDS protocol was lacking a null
pointer check. A local attacker on a system with the rds module
loaded could use this for denial of service.
CVE-2018-7566
Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations. This could
lead to an out-of-bounds access or use-after-free. A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.
CVE-2018-7740
Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset. A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.
CVE-2018-7757
Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem. A local user on a system with SAS devices
could use this to cause a denial of service.
CVE-2018-7995
Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver. This is unlikely to have
any security impact.
CVE-2018-8781
Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset. A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.
CVE-2018-8822
Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server. An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.
CVE-2018-1000004
Luo Quan reported a race condition in the ALSA (sound) sequencer
core, between multiple ioctl operations. This could lead to a
deadlock or use-after-free. A local user with access to a
sequencer device could use this for denial of service or possibly
for privilege escalation.
CVE-2018-1000199
Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings. Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.
For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY AXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E hDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH aF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7 OukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS H8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65 UHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd Hl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/ kKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A 5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s CxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8= =wNQS -----END PGP SIGNATURE----- . Summary:
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Security Fix(es):
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.
Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.
In this update mitigations for x86-64 architecture are provided.
Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)
Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)
Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
Red Hat would like to thank Google Project Zero for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
ppc64: kernel-2.6.32-696.18.7.el6.ppc64.rpm kernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm kernel-devel-2.6.32-696.18.7.el6.ppc64.rpm kernel-headers-2.6.32-696.18.7.el6.ppc64.rpm perf-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm
s390x: kernel-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-devel-2.6.32-696.18.7.el6.s390x.rpm kernel-headers-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm perf-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
ppc64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm python-perf-2.6.32-696.18.7.el6.ppc64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm
s390x: kernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm python-perf-2.6.32-696.18.7.el6.s390x.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: kernel-2.6.32-696.18.7.el6.src.rpm
i386: kernel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-devel-2.6.32-696.18.7.el6.i686.rpm kernel-headers-2.6.32-696.18.7.el6.i686.rpm perf-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
noarch: kernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm kernel-doc-2.6.32-696.18.7.el6.noarch.rpm kernel-firmware-2.6.32-696.18.7.el6.noarch.rpm
x86_64: kernel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm kernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm kernel-devel-2.6.32-696.18.7.el6.x86_64.rpm kernel-headers-2.6.32-696.18.7.el6.x86_64.rpm perf-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: kernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm python-perf-2.6.32-696.18.7.el6.i686.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm
x86_64: kernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm python-perf-2.6.32-696.18.7.el6.x86_64.rpm python-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O OR+iGnoY+cALbsBWKwbmzQM= =V4ow -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
APPLE-SA-2018-1-8-1 iOS 11.2.2
iOS 11.2.2 is now available and and addresses the following:
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Description: iOS 11.2.2 includes security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03805en_us Version: 7
HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure.
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-01-23 Last Updated: 2018-01-22
Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.
Note:
- This issue takes advantage of techniques commonly used in many modern processor architectures.
-
For further information, microprocessor vendors have provided security advisories:
References:
- CVE-2017-5715 - aka Spectre, branch target injection
- CVE-2017-5753 - aka Spectre, bounds check bypass
- CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE ProLiant DL380 Gen10 Server - To be delivered
- HPE ProLiant DL180 Gen10 Server - To be delivered
- HPE ProLiant DL160 Gen10 Server - To be delivered
- HPE ProLiant DL360 Gen10 Server - To be delivered
- HPE ProLiant ML110 Gen10 Server - To be delivered
- HPE ProLiant DL580 Gen10 Server - To be delivered
- HPE ProLiant DL560 Gen10 Server - To be delivered
- HPE ProLiant DL120 Gen10 Server - To be delivered
- HPE ProLiant ML350 Gen10 Server - To be delivered
- HPE ProLiant XL450 Gen10 Server - To be delivered
- HPE Synergy 660 Gen10 Compute Module - To be delivered
- HPE ProLiant DL385 Gen10 Server - prior to v1.04
- HPE ProLiant XL170r Gen10 Server - To be delivered
- HPE ProLiant BL460c Gen10 Server Blade - To be delivered
- HPE ProLiant XL190r Gen10 Server - To be delivered
- HPE ProLiant XL230k Gen10 Server - To be delivered
- HPE Synergy 480 Gen10 Compute Module - To be delivered
- HPE ProLiant XL730f Gen9 Server - To be delivered
- HPE ProLiant XL230a Gen9 Server - To be delivered
- HPE ProLiant XL740f Gen9 Server - To be delivered
- HPE ProLiant XL750f Gen9 Server - To be delivered
- HPE ProLiant XL170r Gen9 Server - To be delivered
- HP ProLiant DL60 Gen9 Server - To be delivered
- HP ProLiant DL160 Gen9 Server - To be delivered
- HPE ProLiant DL360 Gen9 Server - To be delivered
- HP ProLiant DL380 Gen9 Server - To be delivered
- HPE ProLiant XL450 Gen9 Server - To be delivered
- HPE Apollo 4200 Gen9 Server - To be delivered
- HP ProLiant BL460c Gen9 Server Blade - To be delivered
- HP ProLiant ML110 Gen9 Server - To be delivered
- HP ProLiant ML150 Gen9 Server - To be delivered
- HPE ProLiant ML350 Gen9 Server - To be delivered
- HP ProLiant DL120 Gen9 Server - To be delivered
- HPE ProLiant DL560 Gen9 Server - To be delivered
- HP ProLiant BL660c Gen9 Server - To be delivered
- HPE ProLiant ML30 Gen9 Server - To be delivered
- HPE ProLiant XL170r Gen10 Server - To be delivered
- HPE ProLiant DL20 Gen9 Server - To be delivered
- HPE Synergy 660 Gen9 Compute Module - To be delivered
- HPE Synergy 480 Gen9 Compute Module - To be delivered
- HPE ProLiant XL250a Gen9 Server - To be delivered
- HPE ProLiant XL190r Gen9 Server - To be delivered
- HP ProLiant DL80 Gen9 Server - To be delivered
- HPE ProLiant DL180 Gen9 Server - To be delivered
- HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - To be delivered
- HPE ProLiant WS460c Gen9 Workstation - To be delivered
- HPE ProLiant XL260a Gen9 Server - To be delivered
- HPE Synergy 620 Gen9 Compute Module - To be delivered
- HPE ProLiant DL580 Gen9 Server - To be delivered
- HP ProLiant XL220a Gen8 v2 Server - To be delivered
- HPE Synergy 680 Gen9 Compute Module - To be delivered
- HPE ProLiant m510 Server Cartridge - To be delivered
- HPE ProLiant m710p Server Cartridge - To be delivered
- HPE ProLiant m710x Server Cartridge - To be delivered
- HP ProLiant m710 Server Cartridge - To be delivered
- HP ProLiant DL980 G7 Server - To be delivered
- HPE Synergy Composer - To be delivered
- HPE ProLiant Thin Micro TM200 Server - To be delivered
- HPE ProLiant ML10 v2 Server - To be delivered
- HPE ProLiant m350 Server Cartridge - To be delivered
- HPE ProLiant m300 Server Cartridge - To be delivered
- HPE ProLiant MicroServer Gen8 - To be delivered
- HPE ProLiant ML310e Gen8 v2 Server - To be delivered
- HPE Superdome Flex Server - To be delivered
- HP 3PAR StoreServ File Controller - To be delivered - v3 impacted
- HPE StoreVirtual 3000 File Controller - To be delivered
- HPE StoreEasy 1450 Storage - To be delivered
- HPE StoreEasy 1550 Storage - To be delivered
- HPE StoreEasy 1650 Storage - To be delivered
- HPE StoreEasy 3850 Gateway Storage - To be delivered
- HPE StoreEasy 1850 Storage - To be delivered
- HP ConvergedSystem 700 - To be delivered
- HPE Converged Architecture 700 - To be delivered
- HP ProLiant DL580 Gen8 Server - To be delivered
- HPE Cloudline CL2100 Gen10 Server - To be delivered
- HPE Cloudline CL2200 Gen10 Server - To be delivered
- HPE Cloudline CL3150 G4 Server - To be delivered
- HPE Cloudline CL5200 G3 Server - To be delivered
- HPE Cloudline CL3100 G3 Server - To be delivered
- HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be delivered
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5715
8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)
CVE-2017-5753
5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)
CVE-2017-5754
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intels Security Exploit Newsroom here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/ . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions.
All System ROMs including impacted microcodes have been removed from the HPE Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks.
Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.
-
HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM
-
Note:
- CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
- For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
- HPE will continue to add additional products to the list.
HISTORY
Version:1 (rev.1) - 4 January 2018 Initial release
Version:2 (rev.2) - 5 January 2018 Added additional impacted products
Version:3 (rev.3) - 10 January 2018 Added more impacted products
Version:4 (rev.4) - 9 January 2018 Fixed product ID
Version:5 (rev.5) - 18 January 2018 Added additional impacted products
Version:6 (rev.6) - 19 January 2018 updated impacted product list
Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Several vulnerabilities were discovered in WebKitGTK+.
CVE-2017-5753 Versions affected: WebKitGTK+ before 2.18.5. Credit to Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61. Description: Security improvements are included to mitigate the effects.
CVE-2017-5715 Versions affected: WebKitGTK+ before 2.18.5. Credit to Jann Horn of Google Project Zero; and Paul Kocher in collaboration with Daniel Genkin of University of Pennsylvania and University of Maryland, Daniel Gruss of Graz University of Technology, Werner Haas of Cyberus Technology, Mike Hamburg of Rambus (Cryptography Research Division), Moritz Lipp of Graz University of Technology, Stefan Mangard of Graz University of Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz of Graz University of Technology, and Yuval Yarom of University of Adelaide and Data61. Description: Security improvements are included to mitigate the effects.
We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases.
Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html
The WebKitGTK+ team, January 10, 2018
. 7.2) - noarch, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "esxi",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "esxi",
"scope": "eq",
"trust": 1.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5287u"
},
{
"model": "xeon e5 2470 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3450"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5540"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2655le"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v3"
},
{
"model": "xeon e3 1270 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6510"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2435m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "875k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5503"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6148"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4980hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360"
},
{
"model": "xeon e5 1660 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3850"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5687"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2617m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "ec5509"
},
{
"model": "xeon e3 1260l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "670"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4422e"
},
{
"model": "cortex-a15",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "bl bpc 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "cortex-a72",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2718"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585l_v5"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3230m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5518"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4005"
},
{
"model": "cortex-a75",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3317u"
},
{
"model": "xeon e3 1226 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1241 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v5"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4900mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3612qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3380m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867l"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v3"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "xeon e-1105c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4012y"
},
{
"model": "xeon e5 1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "el ppc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670r"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7250"
},
{
"model": "vl2 ppc 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "bl bpc 7001",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4722hq"
},
{
"model": "xeon e3 1501m v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y30"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790t"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6154"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3220"
},
{
"model": "xeon e5 2448l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2312m"
},
{
"model": "xeon e3 1285l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v4"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8180"
},
{
"model": "vl2 ppc7 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300t"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3405"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3350"
},
{
"model": "xeon e3 1230 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "vl2 ppc 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5638"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1750"
},
{
"model": "xeon e5 2403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6350hq"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6146"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570r"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5550"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6140"
},
{
"model": "vl2 bpc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3350p"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5630"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6136"
},
{
"model": "cortex-a17",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "980"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4120u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5580"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "820qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2640m"
},
{
"model": "xeon e3 1280 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w3680"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y30"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2338"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5122"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4160"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4657l_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4158u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4960hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5750hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640um"
},
{
"model": "xeon e3 1230 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v4"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l7555"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6142m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3667u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300y"
},
{
"model": "bl ppc15 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3160"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2367m"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4130"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6102e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3687u"
},
{
"model": "xeon e3 1225 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100u"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5618"
},
{
"model": "xeon e5 2418l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2648l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3827"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610"
},
{
"model": "xeon e5 2618l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2806"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2350m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6200u"
},
{
"model": "xeon e5 2440",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "simatic itc1900 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "vl2 ppc12 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e5 2603 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7210"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2890_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x6550"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8250u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2348m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4771"
},
{
"model": "xeon e3 1285 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6130f"
},
{
"model": "xeon e5 2618l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2618l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "btc12",
"scope": "eq",
"trust": 1.0,
"vendor": "pepperl fuchs",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1850"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6134"
},
{
"model": "xeon e3 1276 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "bl ppc12 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3460"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1575m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v3"
},
{
"model": "xeon e3 1240 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702mq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820qm"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4807"
},
{
"model": "xeon e5 2407 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4712mq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2380p"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2115c"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2520m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2715qe"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3227u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820"
},
{
"model": "bl ppc17 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "430um"
},
{
"model": "xeon e5 2430l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860_v2"
},
{
"model": "xeon e5 1620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2910"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j2900"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585_v5"
},
{
"model": "xeon e3 1105c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1265l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8550u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "530"
},
{
"model": "xeon e5 2428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4160t"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2308"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3060"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6157u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2430m"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330m"
},
{
"model": "xeon e3 12201 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3470"
},
{
"model": "xeon e3 1230",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6138t"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5118"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "930"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4550u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350k"
},
{
"model": "bl2 ppc 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850_v2"
},
{
"model": "bl bpc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3235rk"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2390t"
},
{
"model": "dl ppc15 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "350m"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2538"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5520"
},
{
"model": "xeon e5 2418l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176f"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700t"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "390m"
},
{
"model": "xeon e3 1290 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330um"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2940"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2649m"
},
{
"model": "router manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "1.1.7-6941-1"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4200"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5504"
},
{
"model": "xeon e3 1245 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5508"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3820qm"
},
{
"model": "xeon e3 1280 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1281 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2100"
},
{
"model": "diskstation manager",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "5.2"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2560"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8156"
},
{
"model": "xeon e3 1268l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3455"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2960xm"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v4"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4020y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820eq"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y51"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5520"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5300u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w"
},
{
"model": "xeon e5 1660",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "bl rackmount 4u",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e5 1680 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5506"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5649"
},
{
"model": "xeon e3 1275 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4150t"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6130"
},
{
"model": "xeon e5 2420",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790"
},
{
"model": "xeon e3 1230 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660"
},
{
"model": "bl ppc17 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6402p"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8830"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3330"
},
{
"model": "xeon e5 1428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2720qm"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "ec5539"
},
{
"model": "xeon e5 1660 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4800mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3540m"
},
{
"model": "xeon e3 1505m v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1800"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5675r"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2350"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2758"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3338"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3225"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5775c"
},
{
"model": "cortex-r8",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3710"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3520"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3439y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y75"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4278u"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2820"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3537u"
},
{
"model": "core m5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y57"
},
{
"model": "xeon e3 1271 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1286 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4648_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5675c"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "480m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "740qm"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y32"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4950hq"
},
{
"model": "xeon e3 1286l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2657m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8400"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7290"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3530"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "610e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5700eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2620m"
},
{
"model": "xeon bronze 3104",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5119t"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6148f"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3150"
},
{
"model": "bl ppc17 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3110m"
},
{
"model": "xeon e3 1270 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620le"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "950"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658a_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2328m"
},
{
"model": "xeon e5 2630",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1225 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v4"
},
{
"model": "neoverse n2",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "661"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "380um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "650"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5120"
},
{
"model": "xeon e3 1240l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4130t"
},
{
"model": "xeon e5 2630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3120m"
},
{
"model": "bl2 ppc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3000"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3520m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5675"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v3"
},
{
"model": "xeon e5 1428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2608l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5775r"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3308"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5640"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4150"
},
{
"model": "bl2 bpc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hk"
},
{
"model": "vl2 bpc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1565l_v5"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8857_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440hq"
},
{
"model": "router manager",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "1.1"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v2"
},
{
"model": "xeon e5 2620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2400"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3426"
},
{
"model": "xeon e3 12201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4308u"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8168"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3758"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "760"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2650l_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4578u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v4"
},
{
"model": "xeon e3 1505l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "965"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "940"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2540m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210u"
},
{
"model": "xeon e5 2418l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5120t"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702ec"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2807"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2730"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3630qm"
},
{
"model": "xeon e5 2640 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3958"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4765t"
},
{
"model": "el ppc 1000\\/wt",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3508"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v2"
},
{
"model": "xeon e5 2608l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "local service management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "550"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3220t"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4109t"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3010"
},
{
"model": "xeon e3 1285l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690k"
},
{
"model": "cortex-a8",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2105"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4510u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770k"
},
{
"model": "vl2 bpc 9000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e3 1268l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2815"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2808"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3217ue"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3250t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8100"
},
{
"model": "xeon e5 1650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "bl ppc 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3845"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v4"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6167u"
},
{
"model": "bl2 bpc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2515e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5157u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6138"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3337u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "580m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750"
},
{
"model": "xeon e5 1428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3240t"
},
{
"model": "xeon e5 2650l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4910mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3740qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870hq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3785"
},
{
"model": "xeon e5 2630 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4025u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4430s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2635qm"
},
{
"model": "xeon e3 1285 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3229y"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4102e"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5667"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770t"
},
{
"model": "xeon e5 2628l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v4"
},
{
"model": "cortex-a12",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850"
},
{
"model": "xeon e3 1258l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4302y"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3339y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4710hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5645"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8650u"
},
{
"model": "xeon e3 1220 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116t"
},
{
"model": "bl ppc15 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "cortex-a78",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3240"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2557m"
},
{
"model": "core m7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y75"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "380m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2450m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620lm"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5506"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6267u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e7540"
},
{
"model": "xeon e3 1260l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3840qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5250u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2357m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670k"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2760"
},
{
"model": "xeon e3 1225 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2930"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3825"
},
{
"model": "xeon e3 1245 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v4"
},
{
"model": "xeon e5 2448l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3805"
},
{
"model": "xeon e5 2609 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3580"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6287u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v3"
},
{
"model": "xeon e5 1660 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "virtual machine manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.2-23739"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6540"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v6"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5020u"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3955"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "970"
},
{
"model": "xeon e5 2403 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330te"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500te"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110e"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5647"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "920xm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3120me"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5015u"
},
{
"model": "xeon e5 2407",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2537m"
},
{
"model": "xeon e3 1501l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4220y"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650l"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x7560"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100te"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "ec5549"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300m"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3826"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100e"
},
{
"model": "xeon e5 2470",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700ec"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2810"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5850eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5850hq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735g"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690"
},
{
"model": "vl ppc 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "simatic itc2200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2320"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2530"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600s"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3480"
},
{
"model": "bl2 ppc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e5 2650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y71"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3245"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4410e"
},
{
"model": "cortex-a76",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "dl ppc21.5m 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6685r"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4170"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5560"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5650"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520e"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v3"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3450"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5575r"
},
{
"model": "neoverse n1",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2550k"
},
{
"model": "xeon e5 2430",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736g"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2803"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4600m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607_v2"
},
{
"model": "simatic itc1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2100t"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3795"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700mq"
},
{
"model": "vl bpc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4202y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7660u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5005u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3612qe"
},
{
"model": "valueline ipc",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5672"
},
{
"model": "xeon e5 2430 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4250u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7920hq"
},
{
"model": "xeon e3 1245",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "esxi",
"scope": "eq",
"trust": 1.0,
"vendor": "vmware",
"version": "5.5.0"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3437u"
},
{
"model": "vl2 ppc9 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v4"
},
{
"model": "cortex-r7",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4720hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v2"
},
{
"model": "visunet rm shell",
"scope": "eq",
"trust": 1.0,
"vendor": "pepperl fuchs",
"version": null
},
{
"model": "xeon e5 2650l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310m"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2518"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1900"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699a_v4"
},
{
"model": "xeon e5 2603 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2628l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1278l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160f"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702hq"
},
{
"model": "xeon e5 2620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6144"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3200rk"
},
{
"model": "xeon e3 1240 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y54"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3210"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350t"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7210f"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3130m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3615qm"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10a"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5570"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2405s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3550s"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5660"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v4"
},
{
"model": "xeon e5 2643 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4010y"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8153"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3130"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v4"
},
{
"model": "vl2 ppc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3689y"
},
{
"model": "xeon e3 1270",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v3"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3708"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "840qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v4"
},
{
"model": "cortex-a57",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "bl ppc15 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e3 1245 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2408l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2358"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2710qe"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3540"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v4"
},
{
"model": "xeon e5 2428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2375m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200h"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x7542"
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "cortex-a9",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620"
},
{
"model": "xeon e5 2640",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4810mq"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2920"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210h"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "370m"
},
{
"model": "xeon e5 1680 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112e"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3060"
},
{
"model": "cortex-a78ae",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697a_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6152"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5350h"
},
{
"model": "xeon e3 1220l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745"
},
{
"model": "xeon e5 2428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5640"
},
{
"model": "xeon e5 2637 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2677m"
},
{
"model": "dl ppc18.5m 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5500u"
},
{
"model": "xeon e3 1240 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4617"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v4"
},
{
"model": "xeon e3 1275 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1225",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600k"
},
{
"model": "xeon e3 1275l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "975"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4000m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "920"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "xeon e5 2637 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3450"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4402e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600"
},
{
"model": "xeon e5 2650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8164"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5530"
},
{
"model": "simatic itc1900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v4"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3808"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8158"
},
{
"model": "atom x7-e3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "bl bpc 2001",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "local service management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4260u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6360u"
},
{
"model": "xeon e3 1220 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v3"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3538"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2760qm"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3710"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2300"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2508"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3445"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7235"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w3670"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4710mq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735e"
},
{
"model": "cortex-a73",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5680"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2460"
},
{
"model": "xeon e5 2620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "dl ppc15m 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610me"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6130t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3475s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8600k"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775d"
},
{
"model": "xeon e3 1125c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4005u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2610ue"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3517ue"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210y"
},
{
"model": "xeon e5 2648l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2700k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4600u"
},
{
"model": "xeon e5 1650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a77",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4310u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6138f"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860s"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3115c"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660lm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4785t"
},
{
"model": "xeon e3 1230l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870"
},
{
"model": "workstation",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "12.5.8"
},
{
"model": "xeon e3 1270 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4288u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2637m"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3570"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2316"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2125"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3330s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600t"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y70"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5609"
},
{
"model": "xeon e5 2609",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1558l_v5"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2629m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5600u"
},
{
"model": "xeon bronze 3106",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "980x"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4760hq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770d"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "460m"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3355"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6126t"
},
{
"model": "vl2 ppc 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3590"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5700hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600k"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2516"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5677"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v4"
},
{
"model": "bl rackmount 2u",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5502"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5620"
},
{
"model": "xeon e5 2440 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6128"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3210m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770r"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3858"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v4"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4100"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300hq"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5606"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2580"
},
{
"model": "vl ipc p7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e5 2623 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4500u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3615qe"
},
{
"model": "xeon e3 1290",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y31"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7560u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5950hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v3"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4205"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640lm"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2880_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5590"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4170t"
},
{
"model": "xeon e5 2450l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3360m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4310m"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3558"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "450m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4628l_v4"
},
{
"model": "xeon e5 1620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8894_v4"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2130"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1545m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6140m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2630qm"
},
{
"model": "xeon e3 1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-e3930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2637 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2102"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2750"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2510e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6320"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v3"
},
{
"model": "diskstation manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.2.2-24922"
},
{
"model": "el ppc 1000\\/m",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3205rk"
},
{
"model": "fusion",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "8.5.9"
},
{
"model": "vl bpc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e7520"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4000"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10c"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3530"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4430"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "960"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4030y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2675qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700"
},
{
"model": "xeon e3 1285 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v3"
},
{
"model": "xeon e5 2630l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4890_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5115"
},
{
"model": "bl bpc 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e3 1231 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3450s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2467m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2450p"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5630"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570s"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736f"
},
{
"model": "xeon e5 2603",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7600u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "lc5518"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3517u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v3"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7290f"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6006u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5350u"
},
{
"model": "xeon e5 2650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4370"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2120t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4712hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5650u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5257u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6142"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100u"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7230"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v3"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2830"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3250"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660ue"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6585r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "990x"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770s"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2665"
},
{
"model": "vl2 bpc 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750s"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5550u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6132"
},
{
"model": "vl ppc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e3 1280",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340te"
},
{
"model": "cortex-x1",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4105"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3555le"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3440"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2840"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6126"
},
{
"model": "xeon e3 1125c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1225 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2330e"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3406"
},
{
"model": "xeon e3 1505l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3950"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "430m"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2520"
},
{
"model": "simatic winac rtx \\ 2010",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3430"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1578l_v5"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570s"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699r_v4"
},
{
"model": "xeon e5 2628l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5603"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4108"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670s"
},
{
"model": "xeon e5 1630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3750"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5530"
},
{
"model": "local service management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3635qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670t"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3560"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3050"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "720qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100h"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2738"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6442eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790s"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2377m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "880"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3510"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310e"
},
{
"model": "vl bpc 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3815"
},
{
"model": "xeon e5 2648l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2420"
},
{
"model": "vs360hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3295rk"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2805"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "470um"
},
{
"model": "xeon e5 1620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2410m"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "xeon e3 1235l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520um"
},
{
"model": "xeon e5 2643 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5670"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v2"
},
{
"model": "bl ppc 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4440"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3720qm"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e7530"
},
{
"model": "xeon e3 1240",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1220 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2120"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4400e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770s"
},
{
"model": "atom x5-e3940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4030u"
},
{
"model": "xeon e5 2648l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v4"
},
{
"model": "workstation",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "12.0.0"
},
{
"model": "xeon e5 1650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1235",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2400s"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4880_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5200u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8837"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5557u"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "simatic itc2200 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4750hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6098p"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4624l_v2"
},
{
"model": "btc14",
"scope": "eq",
"trust": 1.0,
"vendor": "pepperl fuchs",
"version": null
},
{
"model": "fusion",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "8.0.0"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3320m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4558u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3427u"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j2850"
},
{
"model": "xeon e3 1270 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3160"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6260u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5690"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v4"
},
{
"model": "xeon e5 2450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2438l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4258u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2330m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4010u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570t"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850_v2"
},
{
"model": "vl2 ppc 2000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v3"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7230f"
},
{
"model": "xeon e5 2630l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460"
},
{
"model": "xeon e3 1265l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7295"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3460"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7567u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3480"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w3690"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3265rk"
},
{
"model": "xeon e3 1280 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5607"
},
{
"model": "xeon e5 2623 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "940xm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2340ue"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6134m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5010u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300u"
},
{
"model": "xeon e3 1220",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6126f"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3550"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610qe"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112"
},
{
"model": "hci",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "vl2 bpc 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e3 1265l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2480"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735f"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500s"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667"
},
{
"model": "bl bpc 3001",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v3"
},
{
"model": "xeon e3 1240l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2550"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5507"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740d"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v3"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850hq"
},
{
"model": "xeon e5 2603 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2920xm"
},
{
"model": "xeon e5 2609 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1245 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3830"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735d"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3632qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v3"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7285"
},
{
"model": "simatic itc1500 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "xeon e5 2420 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570te"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440eq"
},
{
"model": "xeon e5 1630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1515m_v5"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6150"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "lc5528"
},
{
"model": "xeon e3 1220 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "bl2 bpc 7000",
"scope": "eq",
"trust": 1.0,
"vendor": "phoenixcontact",
"version": null
},
{
"model": "xeon e5 1620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "simatic winac rtx \\ 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "655k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4370t"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3230rk"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200y"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l7545"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4440s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700eq"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x7550"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2558"
},
{
"model": "xeon e3 1275 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2637",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7250f"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2830"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1505m_v6"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3217u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2365m"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3700"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2370m"
},
{
"model": "xeon e3 1246 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4402ec"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6142f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745d"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620ue"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "11"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "windows sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "7"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "v8"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "10"
},
{
"model": "xeon cpu e5-1650",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "cortex a57",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "pro a8-9600 r7",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
},
{
"model": "compute cores 4c+6g",
"scope": "eq",
"trust": 0.6,
"vendor": "amd",
"version": "10"
},
{
"model": "fx -8320 eight-core processor",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
},
{
"model": "windows server",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1689.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.924.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.9.110.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375127"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.31"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.51"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.117"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.166"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.891.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.15"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.27"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.306.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1012"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1005.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.42"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1039"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.434.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.702.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1311.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.687.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.155"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.365.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.879.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.317.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.926.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.47255"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.39"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "44.0.2403.157"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.530.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.58"
},
{
"model": "facsmelody",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.122"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1308.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.633.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.769.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.127"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.785.0"
},
{
"model": "pro a8-9600 r7 compute cores 4c+6g",
"scope": "eq",
"trust": 0.3,
"vendor": "amd",
"version": "100"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "facscanto ii clinical",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.225"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.90"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.11"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.385.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.319.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.908.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.204"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.219"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.374.0"
},
{
"model": "pyxis ecostation system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.23"
},
{
"model": "facscanto ii",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.40"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1043"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.604.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.40"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.44"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.150"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.40"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "36.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.756.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.34"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.886.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.123"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.342"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.51"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.233"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.955.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1082.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.760.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.110"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1658.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.368.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.594.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.118"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.743.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1285.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "62.0.3202.97"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96365"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "43.0.2357.130"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "63.0.3239.86"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.816.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.393.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.362.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.618.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.628.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.815.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "27.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.423.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "62.0.3202.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.802.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.46"
},
{
"model": "prepstain",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.323.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.804.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.370.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.203"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.805.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.789.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.32"
},
{
"model": "totalys slideprep",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "41.0.2272"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.315"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.55"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.512.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.109"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.5"
},
{
"model": "simatic ipc427e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.901.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1285.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.729.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.23"
},
{
"model": "chrome os beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.9.130.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.483.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.467.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.200"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.10"
},
{
"model": "facslink interface",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.25"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "28"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.16"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.9.128.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.452.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.111"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1017"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.748.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.727.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.379.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.654.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.32"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.119"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.334.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.110"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.862.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.303"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.91"
},
{
"model": "facsjazz",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.95"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.458.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.404.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.721.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.90"
},
{
"model": "sql server for 32-bit systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "201240"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1030"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "12.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.132"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.51"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.336"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.32"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.602.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.211"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1058.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.79"
},
{
"model": "sql server for x64-based systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "201240"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.415.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.931.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.115"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.722.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.32"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.520.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1022"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.651.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.31"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.109"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.476.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1670.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.354.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.690.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.570.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.347.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.13"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.2"
},
{
"model": "sinumerik d sl ncu730.3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "840"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.11"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.412.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.44"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.634.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.329.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1085.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.664.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.26"
},
{
"model": "sinumerik d sl ncu730.3b",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "840"
},
{
"model": "lsr ii",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.596.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.113"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.69"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.730.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1060.0"
},
{
"model": "pyxis supply roller",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.40"
},
{
"model": "facscount",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.610.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.422.0"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.48"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.299.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.371.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.56"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.615.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.599.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.99"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.452.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.102"
},
{
"model": "enterprise mrg",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "focal point linux",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "-0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.92"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.6"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1675.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.28"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.873.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.301.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.116"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.794.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.42"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.781.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "53.0.2785.143"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1298.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.157.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.134"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.554.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.45"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "40.0.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.631.0"
},
{
"model": "communications lsms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.125"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.102"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.477.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.941.0"
},
{
"model": "pyxis cathrack",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "v80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.516.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.430.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1684.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.457.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1289.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1008.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.943.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.21"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.609.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364160"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.211.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.582.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.589.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.41"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.575.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1671.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1663.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.356.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1280.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.21"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.122"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.95"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.726.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1034.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "60.0.3112.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.32"
},
{
"model": "rowa dose",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.716.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.480.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.45"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.700.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.28"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.154"
},
{
"model": "xen",
"scope": "eq",
"trust": 0.3,
"vendor": "xen",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1684.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1652.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.627.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.826.0"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.7"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.581.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.1"
},
{
"model": "focal point solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "-0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.544.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.130"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1041"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.336.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.10"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.11"
},
{
"model": "simatic s7-1518-4 pn/dp odk",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "52.0.2743.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "53.0.2785.113"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1295.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.922.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.113"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.42"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.638.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.219"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "41.0.2272.118"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.910.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.149"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1686.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.90"
},
{
"model": "simatic ipc427d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.671.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.366.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "50.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.424.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.39"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.898.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.478.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.465.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.540.0"
},
{
"model": "facspresto",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.57"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.46"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "sql server for 32-bit systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20123"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1004.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.136"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.935.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.821.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.212.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.492.0"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.33"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.923.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.46"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "42.0.2311"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.16"
},
{
"model": "windows for 32-bit systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.547.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.41"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.948.0"
},
{
"model": "sql server for x64-based systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20123"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.74"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.63"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.114"
},
{
"model": "pyxis duostation",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1024.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.784.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.149.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.16"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.15"
},
{
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.683.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.9.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.425.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.486.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "35.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.747.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.333"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.1"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.99"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.27"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1300.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.32"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.889.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1028"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.33"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.133"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.773.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.26"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.157"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.739.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.19"
},
{
"model": "influx",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.404.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.27"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.2491059"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.159.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1028.0"
},
{
"model": "chrome os",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "65.0.3325.167"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.95"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1013"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.658.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.159"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1023"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.761.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.369.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.690.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.44"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.16"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.24"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.93"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.660.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "57.0.2987.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1676.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.108"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.137"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1669.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.587.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.16"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.321.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "39.0.2171.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.48"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.861.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.524.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.717.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.9"
},
{
"model": "sql server r2 for x64-based systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "200830"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.880.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.607.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.471.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.923.1"
},
{
"model": "simatic ipc477d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "37.0.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.126"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.89"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.309.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.232"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.778.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.447.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.655.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.115"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.579.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.694.0"
},
{
"model": "bactec",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "90500"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.669.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1671.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.67"
},
{
"model": "simatic s7-1500 software controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.702.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "47.0.2526.80"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "11.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.190.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "39.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.400.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.31"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.592.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.902.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.444.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.39"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.15"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1272.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.548.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.640.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.23"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.020"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.18"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.9"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "53.0.2785.103"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.110"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.759.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.587.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.84"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "49.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.314.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.69"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"model": "simatic ipc677d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.13"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.125"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1661.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.662.0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.149"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.833.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.119"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.810.0"
},
{
"model": "simotion p320-4e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.871.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.31"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.51"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364160"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1681.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.41"
},
{
"model": "nexus 6p",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.649.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.354.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.316.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.692.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.83"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.122"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.17"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.93"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.630.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.21"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.3.154.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.885.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.569.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.89"
},
{
"model": "simatic itp3000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.962.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1675.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.306.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "59.0.3071.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.295.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.123"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.318.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.619.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.14"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1004"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.100"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "57.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1033"
},
{
"model": "simatic ipc627c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1044"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.160"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1679.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.23"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "60.0.3112.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.70"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.51"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.539.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.661.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.91"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.939.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.474.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.110"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.893.1"
},
{
"model": "security analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.99"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.883.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.306"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.62"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.348.0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.2"
},
{
"model": "windows server r2 for itanium-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "20.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.120"
},
{
"model": "simatic itp1000",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.935.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.705.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1082.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.122"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1016.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.395.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.118"
},
{
"model": "ruggedcom rx1400 vpe",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.776.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.72"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "59.0.3071.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1075.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.24"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.01"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "43.0.2357.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.172"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.117"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.535.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.443.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.296.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.107"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.776.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.96379"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.217"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.900.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1074.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.126"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.19"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "10.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.611.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.407.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.57"
},
{
"model": "pyxis medstation es",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.892.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.51"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.518.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.346.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1658.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.897.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.421.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.132"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.56"
},
{
"model": "pyxis stockstation system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.0"
},
{
"model": "simotion p320-4s",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "36.0.1985.143"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1003.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.927.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.382.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.23"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "49.0.2623.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.55"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.462.0"
},
{
"model": "simatic ipc827d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1021.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.9"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.77"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.16"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.818.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.08"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.645.0"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.126"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.23"
},
{
"model": "chrome ~~~and",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "38.0.2125.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1065.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.674.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.905.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "facssample prep assistant iii",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.169"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.23"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1284.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.115"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "20.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.59"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1040.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.35"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.939.0"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.758.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.93"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.99"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.184"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.154"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.112"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.42"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.0.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.109"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.344"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.419.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.608.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.135"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.675.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.117"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.755.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1072.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.435.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.215"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.63"
},
{
"model": "pyxis medication administration",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.617.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1019.0"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.685.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.312"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.110"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.699.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.65"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.453.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.961.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.3"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.202"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "30"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.341"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.57"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1058"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "56.0.2924.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1662.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1669.3"
},
{
"model": "facsverse",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.52"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.506.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1054"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.132"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.168"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.16"
},
{
"model": "kiestra tla/wca",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1286.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.703.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.668.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.744.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "10"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.35"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.31"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "25.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "57.0.2987.133"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1078.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.328.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.91"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.381.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.144"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1283.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.711.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.109"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.330"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.21"
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.147"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.797.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.14443"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.521.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.46"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.774.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.458.2"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.350.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.803.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.49"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.155"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.623.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.51"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.345.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.215"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.23"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1001.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.859.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1674.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.930.0"
},
{
"model": "pyxis specimen collection verification",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.6"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.50"
},
{
"model": "windows server r2 for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.562.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "55.0.2883.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.798.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.227"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.302"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.416.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.63"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.59"
},
{
"model": "gencell clic",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.111"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.647.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "59.0.3071.115"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.937.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.90"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.123"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.26"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.277.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.71"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.350.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.136"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.27"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "50"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.12"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.867.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.329"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.746.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.38"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.12"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1287.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.753.0"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.92"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1038.0"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.7.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.288.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.7"
},
{
"model": "phoenix",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "bactec fx",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.496.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.109"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.294.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.728.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.85"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.7"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.824.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.706.0"
},
{
"model": "lyse wash assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.453.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.35"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.933.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.585.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.557.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.80"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.549.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.12.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.111"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.314.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.207"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.440.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.343.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1053.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.957.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.52"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.573.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1055"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.806.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.13"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.356.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.863.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.652.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.29"
},
{
"model": "simatic ipc227e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.719.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.952.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.401.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.495.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1019"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.872.0"
},
{
"model": "simatic hmi comfort pro panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1022.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.36"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.153"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.341.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.11"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.223"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1657.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1273.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.46"
},
{
"model": "rowa vmax system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1274.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1056.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1303.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1015"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.714.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.8"
},
{
"model": "pyxis parx",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.22"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.150"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.230"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.67"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.172"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.942.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.50"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375125"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.128"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.720.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.904.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.114"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.212"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.500.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.116"
},
{
"model": "pyxis nursing data collection",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.22"
},
{
"model": "security analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1659.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1052.0"
},
{
"model": "content analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "2.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.305.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.89"
},
{
"model": "data innovations",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1034"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.145"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.646.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.911.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.697.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.222"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.593.0"
},
{
"model": "sql server for 32-bit systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "200840"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.100"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.20"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.339.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1060.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.70"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1031.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.626.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.37"
},
{
"model": "facslyric",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.708.0"
},
{
"model": "facscanto 10-color",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "v80"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.161"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.559.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.625.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.64"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1009.0"
},
{
"model": "facsduet sample prep",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.680.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.326"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1062.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.203"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.659.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.881.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.800.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.37599"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.330.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.93"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1001"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.18"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1056"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.33"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.96"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.768.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.82"
},
{
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.871.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.11"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1010.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.31"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.10.140.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1304.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.670.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.378.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.0"
},
{
"model": "sinumerik d sl ncu720.3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "840"
},
{
"model": "sinumerik panels wtih integrated tcu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.10"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1037"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.2"
},
{
"model": "pyxis parassist system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.2"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "50.0.2661.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1060"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.126"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.611.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.547.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.300.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.509.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.387.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.382.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.290.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.33"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.386.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1056.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1670.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.839.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1277.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.38"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.764.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.616.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.66"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.82"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.22"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.45"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "45.0.2454"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.564.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1046"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.50"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"model": "sql server for 32-bit systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "201420"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1081.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.868.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.19"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.9.126.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.220"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.42"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.397.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.70"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.99"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.50"
},
{
"model": "sql server for x64-based systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "201420"
},
{
"model": "ipad air",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.491.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1054.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.535.1"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1289.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "53.0.2785.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.825.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.814.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.600.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.566.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.132"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.137"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "50.0.2661.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.877.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.860.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.475.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1070.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.958.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.94"
},
{
"model": "simatic ipc847c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.415.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.108"
},
{
"model": "simatic itp1000",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "v23.01.03"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1020.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.614.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.57"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.344.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.235"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.156.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.111"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.715.0"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "kiestra inoqula standalone",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.55"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.505.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1063.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.286.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.15"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.723.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.134"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.725.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.92"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.224"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.358.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.151"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.754.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.107"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.58"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.6"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1007"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1659.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.783.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1047"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1052"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.78"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.51"
},
{
"model": "simatic ipc277e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1690.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.308"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.820.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1044.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.109"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.343"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.432.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.731.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.249.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.560.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.819.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.324.0"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1048"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.125"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1032.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.162"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.29"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.433.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.117"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.201"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.94"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "38.0.2125.122"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.153"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.201"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1687.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.22"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.903.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.672.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.733.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.749.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.113"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.762.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.719.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.12"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.271.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.813.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.7"
},
{
"model": "assurity linc",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.237"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.53"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.77"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.211"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.622.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.673.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.1"
},
{
"model": "accuri c6 plus",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "simatic ipc477c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1063.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.187"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.383.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.790.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.465.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.319"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.33"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.658.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "51.0.2704.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.7"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.932.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.13"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "29.0.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.34"
},
{
"model": "pyxis infant care verification",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.41"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "49.0.2623.108"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1064.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.23"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.0"
},
{
"model": "pyxis supplystation",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1651.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1003.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.95"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.322.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.391.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.6"
},
{
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1664.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.18"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.7"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.89"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "64.0.3282.167"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.81"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1031"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "58.0.3029.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1007.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.40"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.326.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1680.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.603.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.39"
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.686.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.213"
},
{
"model": "x-series xos",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "9.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.23"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "36.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.32"
},
{
"model": "simatic field pg m5",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "22.1.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1010"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.113"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.337"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.51"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.4"
},
{
"model": "pyxis medstation console",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "40000"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.15"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.27"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.170"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.33"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1051"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.98"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.112"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.87"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "22.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.119"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.45"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.896.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.152"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.417.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.218"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.334"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.657.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "37.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1049"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.331"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1057"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1673.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.689.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.39"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "43.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.55"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.152"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1288.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "40"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.390.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1655.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.707.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.38"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1081.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.50"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1011.1"
},
{
"model": "fusion",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "47"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1067.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.44"
},
{
"model": "communications lsms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1664.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.801.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1"
},
{
"model": "rowa smart",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1048.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.807.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.865.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.86"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "12.5.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1296.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.481.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.489.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.55"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "51.0.2704.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.97"
},
{
"model": "pixel xl",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.10.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.47"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.50"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "45.0.2454.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "60.0.3080.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "59.0.3071.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.96"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.572.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.29"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.356.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1055.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.93"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.786.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "36.0.1985.122"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.20"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.59"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1039.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.447.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.836.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.23"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.642.1"
},
{
"model": "lsrfortessa",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "x-200"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.216"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.591.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "45.0.2454.101"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.99"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.107"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.168"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1012.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.278.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.74"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.413.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.580.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.123"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.146"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.513.0"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.149.29"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.30"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1042"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.158.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.761.1"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.30"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.45"
},
{
"model": "sinumerik pcu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "50.5"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.130"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.765.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.100"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.108"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "26.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.53"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.553.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.494.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.745.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.484.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.10"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.62"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.25"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1061.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.829.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.482.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.32"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1015110"
},
{
"model": "totalys multiprocessor",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1309.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.76"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "56"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.14"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "sql server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20170"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.27"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "46.0.2490.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.677.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.890.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "47.0.2526.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.770.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.30"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "53"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "64.0.3282.134"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.364.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "47.0.2526.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.349.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.17"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "58.0.3029.96"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.322.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.63"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1297.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1026"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.53"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.33"
},
{
"model": "simatic ipc627d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1068.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.762.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.369.1"
},
{
"model": "simatic ipc427c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.723.1"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.884.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1038"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1068.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.621.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.310"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1006"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.811.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.499.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.709.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.96"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.882.0"
},
{
"model": "alaris systems manager",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1002.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "60.0.3112.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.384.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.111"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.118"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.157.2"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.134"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.721.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.76"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.113"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.503.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.563.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.750.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.24"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.193.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.771.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.603.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.43"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "44.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.8"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.906.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.169.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.114"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.202"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.363.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.60"
},
{
"model": "simatic ipc547e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1306.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.601.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.52"
},
{
"model": "panel designer",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.812.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.944.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "57.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.635.0"
},
{
"model": "simatic s7-1518f-4 pn/dp odk",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.96"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1660.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1047.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.44"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.37"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.473.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.441.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1012.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1040"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1037.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.115"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.104"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.53"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.426.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.752.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.43"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.33"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5x"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.834.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.327.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1654.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.49"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.401.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.112"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.22"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.493.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.216"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.103"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "64.0.3282.144"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "59.0.3071.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.327"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.186"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.956.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1662.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.49"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.9"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1183.0"
},
{
"model": "sinumerik tcu",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "30.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.217"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.2491036"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.108"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.522.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "49.0.2623.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.23"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.5"
},
{
"model": "sinumerik d sl ncu720.3b",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "840"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.12"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "61.0.3163.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.622.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.91"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.159"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1062.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.152.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.556.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.119"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.161"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.772.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.322.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.125"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1059.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.398.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.404.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.140"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "47.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.53"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.321"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.45"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.870.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1006.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.91"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1653.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "28.0"
},
{
"model": "pyxis anesthesia es",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.58"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.551.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1083.0"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.152"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "62.0.3202.89"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.301"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.335"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.695.0"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.39"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1021"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1688.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.325"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.24"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.732.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1290.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.26"
},
{
"model": "vcloud usage meter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.712.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "49.0.2566.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1286.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.152"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.558.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.2"
},
{
"model": "simatic ipc827c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.822.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.120"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.665.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.629.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "49"
},
{
"model": "sql server r2 for 32-bit systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "200830"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1012.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.339"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.109"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.15"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.763.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.947.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1276.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.168"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.878.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.42"
},
{
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "57.0.4"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.542.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1663.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.48"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.837.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1014"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.70"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3.1"
},
{
"model": "simatic ipc847d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.93"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.324"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.929.0"
},
{
"model": "simatic ipc547g",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.510.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.3.1549"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.410.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.787.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.323"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.292.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.405.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.212.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.684.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.796.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.153.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.35"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.9.134.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1076.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.123"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1307.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.757.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.15"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.79"
},
{
"model": "facscelesta",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.20"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.5"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.55"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.249.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.31"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.45"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.118"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.40"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "50.0.2661.102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.832.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1066.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.702.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.316"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.514.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1284.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.221.8"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.403.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.55"
},
{
"model": "simatic field pg m5",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "43.0.2357"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "33.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874102"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.304.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1018.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1278.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.229"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.572.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.146"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.139"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.22"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.60"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1282.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1057.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.303.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.80"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.100"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3"
},
{
"model": "pyxis scrubstation system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.26"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "18.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.20"
},
{
"model": "pyxis anesthesia system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "35000"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.436.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1030.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.44"
},
{
"model": "xeon cpu e5-1650",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.340"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1689.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.889.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.343"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.531.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.679.0"
},
{
"model": "veritor plus system",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.57"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.300"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.893.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.644.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.173"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.570.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.17"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.313.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.351.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.887.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "30.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1288.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.36"
},
{
"model": "content analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1498.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.793.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.151"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1301.0"
},
{
"model": "facsvia",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "pixel c",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.29"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.8"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1043.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1000.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "46.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.19"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.317"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.204"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.909.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.118"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.886.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.14"
},
{
"model": "simatic ipc477e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.318"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.96"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.115"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.936.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.488.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.526.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.808.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.287.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.11.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "28.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.584.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1042.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.369.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.907.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.120"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "25.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.29"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.86"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1685.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.108"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.25"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "29.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.823.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.791.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.577.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "44.0.2403.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1061.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.91"
},
{
"model": "simatic ipc347e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.676.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.210"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.525.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.490.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.681.0"
},
{
"model": "viper lt",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "pyxis procedurestation",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.495.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.500.0"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.309"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.97"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.214"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1050"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.135"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.11"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.3.4"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.4419.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.416.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.950.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.8"
},
{
"model": "sql server for x64-based systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "200840"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.613.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.32"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.182.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1276.0"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.5.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.163"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1281.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1049.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.304"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.162"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.18"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.305"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.862.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.464.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.70"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.682.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.940.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.22"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.119"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1683.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.151"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.376.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1077.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1025"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.921.3"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.10"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "12.5.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.54"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.155"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.538.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.519.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1041.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.69"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.561.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1306.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1311.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.586.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.93"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.766.0"
},
{
"model": "simatic ipc677c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.28"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.34"
},
{
"model": "vcloud usage meter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.740.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.125"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.50"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.603.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.45"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.529.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.95"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.399.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.203"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.126"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.830.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.131"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.687.1"
},
{
"model": "chrome beta",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.249.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.925.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.499.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.864.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.69"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "38.0.2125.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.40"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.447.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.43"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.117"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1076.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.72"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.458.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.208"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1682.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.959.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.2.149.27"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.624.0"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.156"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.639.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.26"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.0.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "42.0.2311.135"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1293.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1654.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.73"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.25"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.698.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1079.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.338"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.71"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.598.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1287.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.30"
},
{
"model": "simatic ipc377e",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.894.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "12.5.3"
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1061"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.906.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.737.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1284.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.237"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.445.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.214"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.514.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1444.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1672.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.53"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.275.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.52"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.827.10"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "53.0.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.320"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "58.0.3029.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.311"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.693.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.736.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1069.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1668.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1019.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.606.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.438.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.62"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.120"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.11"
},
{
"model": "kernel",
"scope": "eq",
"trust": 0.3,
"vendor": "linux",
"version": "4.14.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.209"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.113"
},
{
"model": "sql server for x64-based systems service pack",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "201610"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1299.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.226"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.869.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.738.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "27.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.7"
},
{
"model": "fx -8320 eight-core processor",
"scope": "eq",
"trust": 0.3,
"vendor": "amd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.102"
},
{
"model": "macos supplemental",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.13.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.231"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.32"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.18"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.54"
},
{
"model": "sql server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.578.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.958.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.380.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.21"
},
{
"model": "vsphere data protection",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.1.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.25"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.28"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.809.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.50"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1681.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.361.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1018"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.4.154.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.701.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.54"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.780.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.605.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1051.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.51"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.49"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.663.0"
},
{
"model": "pyxis ciisafe -workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.537.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1275.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.133"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.96"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1046.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.122"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1062"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.934.0"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.928.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.490.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1020"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.469.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1080.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.67"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.951.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.130"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.414.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.52"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.332"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.81"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.108"
},
{
"model": "simatic field pg m4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.115"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.18"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.688.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1050.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.479.0"
},
{
"model": "pyxis parx handheld",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.960.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.838.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.394.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.41"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.718.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.503.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.890.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1057.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "41.0.2272.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.528.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.30"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.25"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.78"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1676.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.2491064"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.84"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.105"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1023.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.325.0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1010.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.724.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.335.4"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.431.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "3.0.195.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.498.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.51"
},
{
"model": "facscalibur",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.3"
},
{
"model": "facscanto 10-color clinical",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.406.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.938.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.515.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1294.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.36"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "viper xtr",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.55"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.445.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.409.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.775.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.315.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.119"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.54"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.21"
},
{
"model": "facsaria i/ii/iii",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.741.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.27"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.170.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.588.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.59"
},
{
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.75"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "41.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1045.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.799.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.511.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1073.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.152"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.792.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.35"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.9"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "43.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1667.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.322"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.33"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1279.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.169.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.272.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.97"
},
{
"model": "pyxis medstation",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "35000"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.411.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.47"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.367.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1016"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1045"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.106"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.634.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.454.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.79"
},
{
"model": "fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "8.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.53"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1029.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.7"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.6"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.337.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.507.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.54"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1032"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1302.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.118"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.827.0"
},
{
"model": "lsrfortessa",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.642.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.945.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.151"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "52.0.2743.116"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1666.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "44.0.2403"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.895.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.355.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.6"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "57.0.2987.137"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.21"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.95"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.308.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "50.0.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.44"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1272.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.234"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.21"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.171"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.104"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.0"
},
{
"model": "pixel xl",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.103"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.650.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "51.0.2704.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.338.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.451.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.135"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.114"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.59"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "22"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.156"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1301.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.222.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.868.0"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1304.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1671.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1017.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.15"
},
{
"model": "pyxis cubie replenishment station",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.40"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.427.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "19.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1024"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.276.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.117"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.307.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.87"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.112"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.933.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.642.0"
},
{
"model": "cortex a57",
"scope": "eq",
"trust": 0.3,
"vendor": "arm",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.574.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.936.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "2.0.172.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.317.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "39.0.2171.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.320.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.1"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.72"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.946.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.888.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.5"
},
{
"model": "security analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1307.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.224.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1678.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.33"
},
{
"model": "ruggedcom ape",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.97"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.704.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.149"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.60"
},
{
"model": "bactec fx40",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1035"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.288.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1291.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.68"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.59"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9"
},
{
"model": "vcloud usage meter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.3.3"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.60"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "29.0.1547.57"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.223.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.632.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.158"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.154"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.328"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.889.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.777.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "simatic et 200sp open controller",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.899.0"
},
{
"model": "windows for x64-based systems sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1029"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.571.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.30"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.79"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1677.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.19"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.76"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.911.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.734.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.954.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.667.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.38"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1310.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.34"
},
{
"model": "pyxis transfusion verification",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.9.131.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.342"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.512"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.93"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.35"
},
{
"model": "vrealize automation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.2.4.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.485.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.678.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.16"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.1.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.372.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.77"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.949.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.638.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "54.0.2840.99"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.450.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.392.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.212"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1063"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.710.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.206"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.289.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.49"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.620.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.96"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1685.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.568.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.735.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "50.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.487.0"
},
{
"model": "workstation",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "12.5.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.302.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.129"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.124"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.9"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.590.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.113"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.827.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.23"
},
{
"model": "carrier routing system 6.6.0.base",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.89"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.332.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.107"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.953.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.666.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1071.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1013.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.73"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "61.0.3163.113"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.0.275.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.340.0"
},
{
"model": "facsaria fusion",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.373.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.87"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "49.0.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.32"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.0"
},
{
"model": "vsphere integrated containers",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "1.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1036.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.353.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.408.2"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "61.0.3163.79"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.43"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.84"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.470.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.461.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "22.04917"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1285.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.446.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.88"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.5"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-6.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.357.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.459.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.541.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.221"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.64"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.31"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.333.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.779.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.57"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "1.0.154.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.307"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.121"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.127"
},
{
"model": "chrome beta mac",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.7"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1027"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.396.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.110"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.428.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.42"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.612.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.95"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1035.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.21"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.767.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.891.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.460.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.14"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1001.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.87"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "34.0.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.75"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.466.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1053"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.74"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.455.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1014.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "21.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.220"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.210"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.449.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.142"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.9"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.911.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.4"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.497.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.82"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.576.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "28.0.1500.61"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1015.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.795.0"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.87"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "42.0.2311.90"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.213"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1010.2"
},
{
"model": "vsphere integrated containers",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "1.3.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "16.0.912.12"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.148"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.437.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1682.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.99"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.751.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.636.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.91"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.313"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.360.5"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "40.0.2214.114"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.64"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1670.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.456.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.874.12"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "37.0.2062.65"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.47"
},
{
"model": "communications lsms",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.831.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.38"
},
{
"model": "innova",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.111"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.67"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.375.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.550.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1305.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.583.0"
},
{
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.317.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.595.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1009"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0.1847.131"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.108"
},
{
"model": "proliant dl385 gen10 server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.02"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "23.0.1271.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0.3.154.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.94"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "15.0.866.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.34"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "52.0.2743.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1673.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.35"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "30.0.1599.101"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.72"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.85"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.131"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.128"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.342.8"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.653.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.63"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1656.1"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "48.0.2564.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "22.0.1229.92"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "17.0.963.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.713.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.643.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.62"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.22"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1057.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0.552.228"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "53.0.2785.144"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.2"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.5"
},
{
"model": "bactec",
"scope": "eq",
"trust": 0.3,
"vendor": "bd",
"version": "9120/92400"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.504.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.517.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1312.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.767.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "24.0.1292.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1058.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "62.0.3202.75"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025.129"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "12.0.742.21"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "26.0.1410.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.41"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20.0.1132.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.218"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.418.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.68"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.359.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1084.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.205"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.597.83"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.78"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.565.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0.536.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9.0.567.0"
},
{
"model": "ios",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11.2.2"
},
{
"model": "vm server for",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "x863.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.37586"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.835.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "13.0.782.238"
},
{
"model": "chrome os",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "25.0.1364.98"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.472.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "27.0.1453.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.656.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.696.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "21.0.1180.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.1.249.1011"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10.0.648.66"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "19.0.1033.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.38"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "14.0.788.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "11.0.691.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "BID",
"id": "102371"
},
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:local_service_management_system:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:local_service_management_system:13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:local_service_management_system:13.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.2-24922",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.7-6941-1",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:virtual_machine_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2-23739",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:synology:vs360hd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:synology:vs360hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:12:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp2:*:*:*:*:raspberry_pi:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-r7_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-r7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-r8_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-r8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a8_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a9_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a9:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a12_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a15_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a15:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a17_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a17:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pepperl-fuchs:visunet_rm_shell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:btc12_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:btc12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pepperl-fuchs:btc14_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:pepperl-fuchs:btc14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc12_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc12_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc15_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc15_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc17_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc17_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_2001_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_2001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_3001_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_3001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc15_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc15_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc17_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc17_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_bpc_7001_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_bpc_7001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc15_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc15_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_ppc17_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_ppc17_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_rackmount_2u_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_rackmount_2u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl_rackmount_4u_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl_rackmount_4u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_bpc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_bpc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_ppc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_ppc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_bpc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_bpc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_ppc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_ppc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_bpc_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_bpc_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:bl2_ppc_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:bl2_ppc_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc15_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc15_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc15m_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc15m_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc18.5m_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc18.5m_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:dl_ppc21.5m_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:dl_ppc21.5m_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:el_ppc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:el_ppc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:el_ppc_1000\\/wt_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:el_ppc_1000\\/wt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:el_ppc_1000\\/m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:el_ppc_1000\\/m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:valueline_ipc_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:valueline_ipc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_bpc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_bpc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_bpc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_bpc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_ppc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_ppc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_bpc_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_bpc_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_ppc_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_ppc_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl_ipc_p7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl_ipc_p7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_2000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_3000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_7000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_bpc_9000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_bpc_9000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc_9000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc_9000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc7_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc7_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc9_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc9_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:phoenixcontact:vl2_ppc12_1000_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:phoenixcontact:vl2_ppc12_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500:v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1500_pro:v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900:v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itc1900_pro:v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200:v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itc2200_pro:v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2010",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_2010_firmware:2010:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.5.9",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201312402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403209:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403210:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201403211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201404420:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201406401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201407405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201409207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201410406:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201501405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201502401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201504201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201505404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509209:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509210:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201509213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201510401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201512404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201601401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201602401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201608405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201609403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201612402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201703401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5.0:550-201709403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:neoverse_n1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:neoverse_n1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "145718"
},
{
"db": "PACKETSTORM",
"id": "145641"
},
{
"db": "PACKETSTORM",
"id": "145666"
},
{
"db": "PACKETSTORM",
"id": "146315"
},
{
"db": "PACKETSTORM",
"id": "145635"
}
],
"trust": 0.5
},
"cve": "CVE-2017-5753",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2018-00304",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-113956",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5753",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-00304",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113956",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "VULHUB",
"id": "VHN-113956"
},
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \\\"melts\\\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \\\"cross-border\\\" access to system-level memory, causing data leakage. Multiple CPU Hardware are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Xeon CPU E5-1650 v3, v2, v4; Xeon E3-1265l v2, v3, v4 ; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. Relevant releases/architectures:\n\nImage Updates for RHV-H - noarch\n\n3. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n==========================================================================\nUbuntu Security Notice USN-3540-2\nJanuary 23, 2018\n\nlinux-lts-xenial, linux-aws vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were addressed in the Linux kernel. This update provides the corresponding updates for the\nLinux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\nUbuntu 14.04 LTS. This flaw is known as Spectre. \n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu\n16.04 LTS for Ubuntu 14.04 LTS. This flaw is known as Meltdown. (CVE-2017-5754)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-4.4.0-1011-aws 4.4.0-1011.11\n linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1\n linux-image-aws 4.4.0.1011.11\n linux-image-generic-lts-xenial 4.4.0.111.95\n linux-image-lowlatency-lts-xenial 4.4.0.111.95\n linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95\n linux-image-powerpc-smp-lts-xenial 4.4.0.111.95\n linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95\n linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95\n\nPlease note that fully mitigating CVE-2017-5715 (Spectre Variant 2)\nrequires corresponding processor microcode/firmware updates or,\nin virtual environments, hypervisor updates. Ubuntu is working with Intel and AMD to provide\nfuture microcode updates that implement IBRS and IBPB as they are made\navailable. Ubuntu users with a processor from a different vendor should\ncontact the vendor to identify necessary firmware updates. Ubuntu\nwill provide corresponding QEMU updates in the future for users of\nself-hosted virtual environments in coordination with upstream QEMU. \nUbuntu users in cloud environments should contact the cloud provider\nto confirm that the hypervisor has been updated to expose the new\nCPU features to virtual machines. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation. \n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice. \n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the \"retpoline\" compiler feature which allows\n indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function. \n\n More use sites will be added over time. \n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation. \n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check. \n A local user could use this to cause a denial of service. \n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service. \n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. \n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service. \n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service. \n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service. \n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution. \n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service. \n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service. \n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service. \n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the \"noflush_merge\" mount option is used. \n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service. \n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service. \n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default. \n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service. \n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation. \n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service. \n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. \n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service. \n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact. \n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service. \n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service. \n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service. \n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact. \n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client. \n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation. \n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures. \n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron61fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Rtqw//Xf/L4bP65wU9M59Ef6xBt+Eph+yxeMsioGhu80ODdMemlmHzASMtfZjY\nAXxyt9l8lbHn8MmwDA4aLhhwHYXwvKATdpHSy1SILrRfb4s9P9uV1vsHaIeZ649E\nhDyNon9hP2tPso6BwqiYHZZy9Xxtd+T8vTBeBZwUKOLBkBRvV/gyNSUdJWp6L8WH\naF4D1hHl9ZotDkyIvkubbx77aqbJ88I4R0n69x7L9udFbuXa+U7hV6dJdnpzyl/7\nOukJfEtnkaUgWu0MdOfFss6iH5OQISn/y/ricRi29oKQiEp3YwnT5J9pFwSQeJJS\nH8ABVt251UoS0J+of3QWw0muOT/6UAF8SNpPKMJXC7Euq8pTmYVPSIeUYf4eqn65\nUHZSCKXaszItq+uzVNYdkj504BJ4cG1lFxZtlrFWwKE8p7QOETN0GKvTRdu/SvDd\nHl2nb4HouLpBYS518Th2/MGgzhXXAuO12MH3smenptZbqxKn9Z0XSTJYzFupgJk/\nkKF2xkDFBE4toTLVE+6XdUKwYk4vkeDZyOGOwRYThSkKAzrUh5zThgal4HnknD2A\n5ye4XLhjgSIT47/nmor6lhxd7WGXGkV33GF0azYlHr/sclfzxcU2Ev3NUBWQ8M3s\nCxfIO0FNCzO0WIUf40md7MlIAnDBIRGyYgNIIe7AnSRKKPykEx8=\n=wNQS\n-----END PGP SIGNATURE-----\n. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nIn this update mitigations for x86-64 architecture are provided. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nppc64:\nkernel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-bootwrapper-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-devel-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-headers-2.6.32-696.18.7.el6.ppc64.rpm\nperf-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-devel-2.6.32-696.18.7.el6.s390x.rpm\nkernel-headers-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-devel-2.6.32-696.18.7.el6.s390x.rpm\nperf-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nppc64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\nkernel-debuginfo-common-ppc64-2.6.32-696.18.7.el6.ppc64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-2.6.32-696.18.7.el6.ppc64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.ppc64.rpm\n\ns390x:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nkernel-debuginfo-common-s390x-2.6.32-696.18.7.el6.s390x.rpm\nkernel-kdump-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-2.6.32-696.18.7.el6.s390x.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.s390x.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nkernel-2.6.32-696.18.7.el6.src.rpm\n\ni386:\nkernel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-headers-2.6.32-696.18.7.el6.i686.rpm\nperf-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nnoarch:\nkernel-abi-whitelists-2.6.32-696.18.7.el6.noarch.rpm\nkernel-doc-2.6.32-696.18.7.el6.noarch.rpm\nkernel-firmware-2.6.32-696.18.7.el6.noarch.rpm\n\nx86_64:\nkernel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.i686.rpm\nkernel-debug-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-devel-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-headers-2.6.32-696.18.7.el6.x86_64.rpm\nperf-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.i686.rpm\nkernel-debuginfo-common-i686-2.6.32-696.18.7.el6.i686.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\npython-perf-2.6.32-696.18.7.el6.i686.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.i686.rpm\n\nx86_64:\nkernel-debug-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\nkernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6.x86_64.rpm\nperf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-2.6.32-696.18.7.el6.x86_64.rpm\npython-perf-debuginfo-2.6.32-696.18.7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaTXwuXlSAg2UNWIIRAp3LAKCNdSqjVu7zsXcUTnpGuuQAuUlTpwCfTE/O\nOR+iGnoY+cALbsBWKwbmzQM=\n=V4ow\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2018-1-8-1 iOS 11.2.2\n\niOS 11.2.2 is now available and and addresses the following:\n\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod\ntouch 6th generation\nDescription: iOS 11.2.2 includes security improvements to Safari and\nWebKit to mitigate the effects of Spectre (CVE-2017-5753 and\nCVE-2017-5715). Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03805en_us\nVersion: 7\n\nHPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel,\nAMD, and ARM, with Speculative Execution, Elevation of Privilege and\nInformation Disclosure. \n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-01-23\nLast Updated: 2018-01-22\n\nPotential Security Impact: Local: Disclosure of Information, Elevation of\nPrivilege\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nOn January 3 2018, side-channel security vulnerabilities involving\nspeculative execution were publicly disclosed. These vulnerabilities may\nimpact the listed HPE products, potentially leading to information disclosure\nand elevation of privilege. Mitigation and resolution of these\nvulnerabilities may call for both an operating system update, provided by the\nOS vendor, and a system ROM update from HPE. \n\n\n**Note:**\n\n * This issue takes advantage of techniques commonly used in many modern\nprocessor architectures. \n * For further information, microprocessor vendors have provided security\nadvisories:\n \n - Intel:\n\u003chttps://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu\ngeid=en-fr\u003e\n - AMD: \u003chttp://www.amd.com/en/corporate/speculative-execution\u003e\n - ARM: \u003chttps://developer.arm.com/support/security-update\u003e\n\nReferences:\n\n - CVE-2017-5715 - aka Spectre, branch target injection\n - CVE-2017-5753 - aka Spectre, bounds check bypass\n - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access\npermission check performed after kernel memory read\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE ProLiant DL380 Gen10 Server - To be delivered\n - HPE ProLiant DL180 Gen10 Server - To be delivered\n - HPE ProLiant DL160 Gen10 Server - To be delivered\n - HPE ProLiant DL360 Gen10 Server - To be delivered\n - HPE ProLiant ML110 Gen10 Server - To be delivered\n - HPE ProLiant DL580 Gen10 Server - To be delivered\n - HPE ProLiant DL560 Gen10 Server - To be delivered\n - HPE ProLiant DL120 Gen10 Server - To be delivered\n - HPE ProLiant ML350 Gen10 Server - To be delivered\n - HPE ProLiant XL450 Gen10 Server - To be delivered\n - HPE Synergy 660 Gen10 Compute Module - To be delivered\n - HPE ProLiant DL385 Gen10 Server - prior to v1.04 \n - HPE ProLiant XL170r Gen10 Server - To be delivered\n - HPE ProLiant BL460c Gen10 Server Blade - To be delivered\n - HPE ProLiant XL190r Gen10 Server - To be delivered\n - HPE ProLiant XL230k Gen10 Server - To be delivered\n - HPE Synergy 480 Gen10 Compute Module - To be delivered\n - HPE ProLiant XL730f Gen9 Server - To be delivered\n - HPE ProLiant XL230a Gen9 Server - To be delivered\n - HPE ProLiant XL740f Gen9 Server - To be delivered\n - HPE ProLiant XL750f Gen9 Server - To be delivered\n - HPE ProLiant XL170r Gen9 Server - To be delivered\n - HP ProLiant DL60 Gen9 Server - To be delivered\n - HP ProLiant DL160 Gen9 Server - To be delivered\n - HPE ProLiant DL360 Gen9 Server - To be delivered\n - HP ProLiant DL380 Gen9 Server - To be delivered\n - HPE ProLiant XL450 Gen9 Server - To be delivered\n - HPE Apollo 4200 Gen9 Server - To be delivered\n - HP ProLiant BL460c Gen9 Server Blade - To be delivered\n - HP ProLiant ML110 Gen9 Server - To be delivered\n - HP ProLiant ML150 Gen9 Server - To be delivered\n - HPE ProLiant ML350 Gen9 Server - To be delivered\n - HP ProLiant DL120 Gen9 Server - To be delivered\n - HPE ProLiant DL560 Gen9 Server - To be delivered\n - HP ProLiant BL660c Gen9 Server - To be delivered\n - HPE ProLiant ML30 Gen9 Server - To be delivered\n - HPE ProLiant XL170r Gen10 Server - To be delivered\n - HPE ProLiant DL20 Gen9 Server - To be delivered\n - HPE Synergy 660 Gen9 Compute Module - To be delivered\n - HPE Synergy 480 Gen9 Compute Module - To be delivered\n - HPE ProLiant XL250a Gen9 Server - To be delivered\n - HPE ProLiant XL190r Gen9 Server - To be delivered\n - HP ProLiant DL80 Gen9 Server - To be delivered\n - HPE ProLiant DL180 Gen9 Server - To be delivered\n - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server -\nTo be delivered\n - HPE ProLiant WS460c Gen9 Workstation - To be delivered\n - HPE ProLiant XL260a Gen9 Server - To be delivered\n - HPE Synergy 620 Gen9 Compute Module - To be delivered\n - HPE ProLiant DL580 Gen9 Server - To be delivered\n - HP ProLiant XL220a Gen8 v2 Server - To be delivered\n - HPE Synergy 680 Gen9 Compute Module - To be delivered\n - HPE ProLiant m510 Server Cartridge - To be delivered\n - HPE ProLiant m710p Server Cartridge - To be delivered\n - HPE ProLiant m710x Server Cartridge - To be delivered\n - HP ProLiant m710 Server Cartridge - To be delivered\n - HP ProLiant DL980 G7 Server - To be delivered\n - HPE Synergy Composer - To be delivered\n - HPE ProLiant Thin Micro TM200 Server - To be delivered\n - HPE ProLiant ML10 v2 Server - To be delivered\n - HPE ProLiant m350 Server Cartridge - To be delivered\n - HPE ProLiant m300 Server Cartridge - To be delivered\n - HPE ProLiant MicroServer Gen8 - To be delivered\n - HPE ProLiant ML310e Gen8 v2 Server - To be delivered\n - HPE Superdome Flex Server - To be delivered\n - HP 3PAR StoreServ File Controller - To be delivered - v3 impacted\n - HPE StoreVirtual 3000 File Controller - To be delivered\n - HPE StoreEasy 1450 Storage - To be delivered\n - HPE StoreEasy 1550 Storage - To be delivered\n - HPE StoreEasy 1650 Storage - To be delivered\n - HPE StoreEasy 3850 Gateway Storage - To be delivered\n - HPE StoreEasy 1850 Storage - To be delivered\n - HP ConvergedSystem 700 - To be delivered\n - HPE Converged Architecture 700 - To be delivered\n - HP ProLiant DL580 Gen8 Server - To be delivered\n - HPE Cloudline CL2100 Gen10 Server - To be delivered\n - HPE Cloudline CL2200 Gen10 Server - To be delivered\n - HPE Cloudline CL3150 G4 Server - To be delivered\n - HPE Cloudline CL5200 G3 Server - To be delivered\n - HPE Cloudline CL3100 G3 Server - To be delivered\n - HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be\ndelivered\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5715\n 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N\n 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)\n\n CVE-2017-5753\n 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\n 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2017-5754\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nOn January 11, Intel announced issues with an increased frequency of reboots\nwhen using the microcodes they released to address Variant 2 of the Spectre\nVulnerability for numerous processors including Broadwell, Haswell, Skylake,\nKaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified\nthe root cause of these issues and determined that these microcodes may\nintroduce reboots and other unpredictable system behavior. Due to the\nseverity of the potential issues that may occur when using these microcodes,\nIntel is now recommending that customers discontinue their use. Additional\ninformation is available from Intels Security Exploit Newsroom here:\n\u003chttps://newsroom.intel.com/press-kits/security-exploits-intel-products/\u003e . \nHPE is in alignment with Intel in our recommendation that customers\ndiscontinue use of System ROMs including impacted microcodes and revert to\nearlier System ROM versions. \n\nAll System ROMs including impacted microcodes have been removed from the HPE\nSupport Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2\nservers as well as HPE Superdome servers for which updated System ROMs had\npreviously been made available. Intel is working on updated microcodes to\naddress these issues, and HPE will validate updated System ROMs including\nthese microcodes and make them available to our customers in the coming\nweeks. \n\nMitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities\nrequire only OS updates and are not impacted. \n\n * HPE has provided a customer bulletin\n\u003chttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us\u003e\nwith specific instructions to obtain the udpated sytem ROM\n \n - Note:\n \n + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a\nvendor supplied operating system update be applied as well. \n + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only\nupdates of a vendor supplied operating system. \n + HPE will continue to add additional products to the list. \n\nHISTORY\n\nVersion:1 (rev.1) - 4 January 2018 Initial release\n\nVersion:2 (rev.2) - 5 January 2018 Added additional impacted products\n\nVersion:3 (rev.3) - 10 January 2018 Added more impacted products\n\nVersion:4 (rev.4) - 9 January 2018 Fixed product ID\n\nVersion:5 (rev.5) - 18 January 2018 Added additional impacted products\n\nVersion:6 (rev.6) - 19 January 2018 updated impacted product list\n\nVersion:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for\nSystem ROM updates per Intel\u0027s guidance on microcode issues\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nSeveral vulnerabilities were discovered in WebKitGTK+. \n\nCVE-2017-5753\n Versions affected: WebKitGTK+ before 2.18.5. \n Credit to Jann Horn of Google Project Zero; and Paul Kocher in\n collaboration with Daniel Genkin of University of Pennsylvania and\n University of Maryland, Daniel Gruss of Graz University of\n Technology, Werner Haas of Cyberus Technology, Mike Hamburg of\n Rambus (Cryptography Research Division), Moritz Lipp of Graz\n University of Technology, Stefan Mangard of Graz University of\n Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz\n of Graz University of Technology, and Yuval Yarom of University of\n Adelaide and Data61. Description: Security improvements\n are included to mitigate the effects. \n\nCVE-2017-5715\n Versions affected: WebKitGTK+ before 2.18.5. \n Credit to Jann Horn of Google Project Zero; and Paul Kocher in\n collaboration with Daniel Genkin of University of Pennsylvania and\n University of Maryland, Daniel Gruss of Graz University of\n Technology, Werner Haas of Cyberus Technology, Mike Hamburg of\n Rambus (Cryptography Research Division), Moritz Lipp of Graz\n University of Technology, Stefan Mangard of Graz University of\n Technology, Thomas Prescher of Cyberus Technology, Michael Schwarz\n of Graz University of Technology, and Yuval Yarom of University of\n Adelaide and Data61. Description: Security\n improvements are included to mitigate the effects. \n\n\nWe recommend updating to the last stable version of WebKitGTK+. It is\nthe best way of ensuring that you are running a safe version of\nWebKitGTK+. Please check our website for information about the last\nstable releases. \n\nFurther information about WebKitGTK+ Security Advisories can be found\nat: https://webkitgtk.org/security.html\n\nThe WebKitGTK+ team,\nJanuary 10, 2018\n\n. 7.2) - noarch, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5753"
},
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "BID",
"id": "102371"
},
{
"db": "VULHUB",
"id": "VHN-113956"
},
{
"db": "PACKETSTORM",
"id": "145718"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "147451"
},
{
"db": "PACKETSTORM",
"id": "145641"
},
{
"db": "PACKETSTORM",
"id": "145762"
},
{
"db": "PACKETSTORM",
"id": "146771"
},
{
"db": "PACKETSTORM",
"id": "145666"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "146315"
},
{
"db": "PACKETSTORM",
"id": "145837"
},
{
"db": "PACKETSTORM",
"id": "145635"
},
{
"db": "PACKETSTORM",
"id": "145774"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113956",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113956"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5753",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#584653",
"trust": 2.2
},
{
"db": "BID",
"id": "102371",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#180049",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1040071",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-505225",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "145645",
"trust": 1.1
},
{
"db": "LENOVO",
"id": "LEN-18282",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "43427",
"trust": 1.1
},
{
"db": "CERT@VDE",
"id": "VDE-2018-003",
"trust": 1.1
},
{
"db": "CERT@VDE",
"id": "VDE-2018-002",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA18-141A",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00304",
"trust": 0.6
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-18-011-01E",
"trust": 0.3
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-18-011-01C",
"trust": 0.3
},
{
"db": "JUNIPER",
"id": "JSA10842",
"trust": 0.3
},
{
"db": "SIEMENS",
"id": "SSA-168644",
"trust": 0.3
},
{
"db": "JVN",
"id": "JVNVU93823979",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "145837",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145774",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150863",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145715",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201801-150",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113956",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145718",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147451",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145641",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145666",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145635",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "VULHUB",
"id": "VHN-113956"
},
{
"db": "BID",
"id": "102371"
},
{
"db": "PACKETSTORM",
"id": "145718"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "147451"
},
{
"db": "PACKETSTORM",
"id": "145641"
},
{
"db": "PACKETSTORM",
"id": "145774"
},
{
"db": "PACKETSTORM",
"id": "145762"
},
{
"db": "PACKETSTORM",
"id": "146771"
},
{
"db": "PACKETSTORM",
"id": "145666"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "146315"
},
{
"db": "PACKETSTORM",
"id": "145837"
},
{
"db": "PACKETSTORM",
"id": "145635"
},
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"id": "VAR-201801-1712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "VULHUB",
"id": "VHN-113956"
}
],
"trust": 1.3327639805555553
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00304"
}
]
},
"last_update_date": "2024-07-23T21:03:25.229000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113956"
},
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"trust": 1.9,
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102371"
},
{
"trust": 1.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"trust": 1.6,
"url": "https://support.apple.com//ht208394"
},
{
"trust": 1.6,
"url": "http://www.dell.com/support/speculative-store-bypass"
},
{
"trust": 1.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.4,
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"trust": 1.4,
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"trust": 1.4,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002"
},
{
"trust": 1.4,
"url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
},
{
"trust": 1.4,
"url": "https://spectreattack.com/"
},
{
"trust": 1.4,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2018:0292"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/jun/36"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt"
},
{
"trust": 1.1,
"url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/"
},
{
"trust": 1.1,
"url": "https://cdrdv2.intel.com/v1/dl/getcontent/685359"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.1,
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"trust": 1.1,
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx231399"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k91229003"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/solutions/len-18282"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"trust": 1.1,
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_18_01"
},
{
"trust": 1.1,
"url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0002.html"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/145645/spectre-information-disclosure-proof-of-concept.html"
},
{
"trust": 1.1,
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"trust": 1.1,
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040071"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3540-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3541-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3542-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"trust": 1.0,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
},
{
"trust": 0.8,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"trust": 0.8,
"url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/208.html"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
},
{
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
},
{
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-18-002"
},
{
"trust": 0.8,
"url": "https://support.hp.com/us-en/document/c06001626"
},
{
"trust": 0.8,
"url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
},
{
"trust": 0.8,
"url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc/?id=7022937"
},
{
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
},
{
"trust": 0.8,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
},
{
"trust": 0.8,
"url": "https://kb.vmware.com/s/article/54951"
},
{
"trust": 0.8,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2017-5753"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
},
{
"trust": 0.6,
"url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-5754"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-5715"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/errata/rhsa-2018:0008"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/errata/rhsa-2018:0010"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/errata/rhsa-2018:0016"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
},
{
"trust": 0.3,
"url": "http://www.amd.com/en-gb"
},
{
"trust": 0.3,
"url": "https://www.arm.com/"
},
{
"trust": 0.3,
"url": "http://www.intel.com/content/www/us/en/homepage.html"
},
{
"trust": 0.3,
"url": "https://newsroom.intel.com/news/intel-responds-to-security-research-findings/"
},
{
"trust": 0.3,
"url": "https://lwn.net/articles/738975/"
},
{
"trust": 0.3,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10842\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht208394"
},
{
"trust": 0.3,
"url": "https://www.chromium.org/home/chromium-security/ssca"
},
{
"trust": 0.3,
"url": "https://www.amd.com/en/corporate/speculative-execution"
},
{
"trust": 0.3,
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2018/jan/21"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2018/jan/22"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2018/jan/23"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519778"
},
{
"trust": 0.3,
"url": "http://xenbits.xenproject.org/xsa/advisory-289.html"
},
{
"trust": 0.3,
"url": "https://support.google.com/faqs/answer/7622138"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01c"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/alerts/ics-alert-18-011-01e"
},
{
"trust": 0.3,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/120"
},
{
"trust": 0.3,
"url": "https://jvn.jp/vu/jvnvu93823979/index.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinapr2018-4431088.html"
},
{
"trust": 0.3,
"url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-meltdown-and-spectre-update-1"
},
{
"trust": 0.3,
"url": "https://googleprojectzero.blogspot.in/2018/01/reading-privileged-memory-with-side.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/errata/rhsa-2018:0007"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/errata/rhsa-2018:0009"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/errata/rhsa-2018:0011"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/errata/rhsa-2018:0017"
},
{
"trust": 0.3,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa161"
},
{
"trust": 0.3,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2018-01/"
},
{
"trust": 0.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
},
{
"trust": 0.3,
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-chrome-os_19.html"
},
{
"trust": 0.3,
"url": "https://lists.vmware.com/pipermail/security-announce/2018/000397.html"
},
{
"trust": 0.3,
"url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html"
},
{
"trust": 0.3,
"url": "https://developer.arm.com/support/security-update"
},
{
"trust": 0.3,
"url": "http://xenbits.xenproject.org/xsa/advisory-289.txt"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/3307851"
},
{
"trust": 0.1,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/spectreandmeltdown"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3540-2"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3540-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1011.11"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-111.134~14.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16911"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7492"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16913"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16912"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000004"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.17.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/384.111-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3521-1"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3523-1,"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3541-1,"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.13.0-37.42"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.13.0-1015.16"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3597-1,"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-a00039267en_us\u003e"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://developer.arm.com/support/security-update\u003e"
},
{
"trust": 0.1,
"url": "http://www.amd.com/en/corporate/speculative-execution\u003e"
},
{
"trust": 0.1,
"url": "https://newsroom.intel.com/press-kits/security-exploits-intel-products/\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2018-0001.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "VULHUB",
"id": "VHN-113956"
},
{
"db": "BID",
"id": "102371"
},
{
"db": "PACKETSTORM",
"id": "145718"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "147451"
},
{
"db": "PACKETSTORM",
"id": "145641"
},
{
"db": "PACKETSTORM",
"id": "145774"
},
{
"db": "PACKETSTORM",
"id": "145762"
},
{
"db": "PACKETSTORM",
"id": "146771"
},
{
"db": "PACKETSTORM",
"id": "145666"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "146315"
},
{
"db": "PACKETSTORM",
"id": "145837"
},
{
"db": "PACKETSTORM",
"id": "145635"
},
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"db": "VULHUB",
"id": "VHN-113956"
},
{
"db": "BID",
"id": "102371"
},
{
"db": "PACKETSTORM",
"id": "145718"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "147451"
},
{
"db": "PACKETSTORM",
"id": "145641"
},
{
"db": "PACKETSTORM",
"id": "145774"
},
{
"db": "PACKETSTORM",
"id": "145762"
},
{
"db": "PACKETSTORM",
"id": "146771"
},
{
"db": "PACKETSTORM",
"id": "145666"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "146315"
},
{
"db": "PACKETSTORM",
"id": "145837"
},
{
"db": "PACKETSTORM",
"id": "145635"
},
{
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"date": "2018-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-113956"
},
{
"date": "2018-01-03T00:00:00",
"db": "BID",
"id": "102371"
},
{
"date": "2018-01-06T18:01:06",
"db": "PACKETSTORM",
"id": "145718"
},
{
"date": "2018-01-23T04:32:09",
"db": "PACKETSTORM",
"id": "146017"
},
{
"date": "2018-05-03T01:31:56",
"db": "PACKETSTORM",
"id": "147451"
},
{
"date": "2018-01-04T01:20:35",
"db": "PACKETSTORM",
"id": "145641"
},
{
"date": "2018-01-09T17:32:51",
"db": "PACKETSTORM",
"id": "145774"
},
{
"date": "2018-01-09T17:13:40",
"db": "PACKETSTORM",
"id": "145762"
},
{
"date": "2018-03-15T15:54:32",
"db": "PACKETSTORM",
"id": "146771"
},
{
"date": "2018-01-04T17:53:07",
"db": "PACKETSTORM",
"id": "145666"
},
{
"date": "2018-01-24T00:28:48",
"db": "PACKETSTORM",
"id": "146026"
},
{
"date": "2018-02-09T15:01:04",
"db": "PACKETSTORM",
"id": "146315"
},
{
"date": "2018-01-11T01:02:22",
"db": "PACKETSTORM",
"id": "145837"
},
{
"date": "2018-01-04T00:52:58",
"db": "PACKETSTORM",
"id": "145635"
},
{
"date": "2018-01-04T13:29:00.257000",
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-19T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00304"
},
{
"date": "2021-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-113956"
},
{
"date": "2019-04-17T06:00:00",
"db": "BID",
"id": "102371"
},
{
"date": "2021-11-23T22:14:00.490000",
"db": "NVD",
"id": "CVE-2017-5753"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "102371"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "145774"
},
{
"db": "PACKETSTORM",
"id": "146771"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "102371"
}
],
"trust": 0.3
}
}
VAR-202206-1900
Vulnerability from variot - Updated: 2024-07-23 20:57curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Description:
Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. Bugs fixed (https://bugzilla.redhat.com/):
2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
- Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fix:
- CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
Bug fixes:
-
Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
-
RHACM 2.3.12 images (BZ# 2101411)
-
Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: HTTP compression denial of service (CVE-2022-32206)
-
curl: HTTP multi-header compression denial of service (CVE-2023-23916)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Gatekeeper Operator v0.2 security and container updates Advisory ID: RHSA-2022:6348-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2022:6348 Issue date: 2022-09-06 CVE Names: CVE-2021-40528 CVE-2022-1292 CVE-2022-1586 CVE-2022-1705 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2526 CVE-2022-28131 CVE-2022-29824 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 =====================================================================
- Summary:
Gatekeeper Operator v0.2 security updates
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Gatekeeper Operator v0.2
Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters.
This advisory contains the container images for Gatekeeper that include bug fixes and container upgrades.
Note: Gatekeeper support from the Red Hat support team is limited to where it is integrated and used with Red Hat Advanced Cluster Management for Kubernetes. For support options for any other use, see the Gatekeeper open source project website at: https://open-policy-agent.github.io/gatekeeper/website/docs/howto/.
Security fix:
-
CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets lack random ticket_age_add
-
CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
-
CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
-
CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
-
CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
-
CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
-
CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
-
CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
-
CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
-
CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
-
Solution:
The requirements to apply the upgraded images are different whether or not you used the operator. Complete the following steps, depending on your installation:
-
Upgrade gatekeeper operator: The gatekeeper operator that is installed by the gatekeeper operator policy has
installPlanApprovalset toAutomatic. This setting means the operator will be upgraded automatically when there is a new version of the operator. No further action is required for upgrade. If you changed the setting forinstallPlanApprovaltomanual, then you must view each cluster to manually approve the upgrade to the operator. -
Upgrade gatekeeper without the operator: The gatekeeper version is specified as part of the Gatekeeper CR in the gatekeeper operator policy. To upgrade the gatekeeper version: a) Determine the latest version of gatekeeper by visiting: https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. b) Click the tag dropdown, and find the latest static tag. An example tag is 'v3.3.0-1'. c) Edit the gatekeeper operator policy and update the image tag to use the latest static tag. For example, you might change this line to image: 'registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1'.
Refer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/ for additional information.
- Bugs fixed (https://bugzilla.redhat.com/):
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
- References:
https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2526 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxd1LNzjgjWX9erEAQi7KxAAjtYnTUInhFC8FJ6zXunwhBa8YpT3E6Ym hemyRubgeyUdhySlgfPFmhrEU6nT3CUmzVN11wQu9iVmUzg3V/x+WhvMK371313m 7XzE0nuZ5uZRxXGVr8dqoecgm47t2884+QzGO4cMIsK5ojfHLBY6oeYunjW6lC5/ 7P40TjANWdZMirOmxoOk3OHeYpFC9oIiovidDn7zqf3PFOa50ux6w4P/3Dep5qVl W1BaNJkWxRL5Uj2AiyxtnLR2Tg713ocazkZZ83nJdr2eMoFFJL7l7u/W2m9LS5rN UhwHejs+4kizsumeCRFyq5I67vmkGE2EMun3yKZDGNB8xgxQqkaOBTkcF4qzzgOt +cLhTRiuGXS4NETqYaWGE0n0kmFCE5jFbZaOlp9L1C56LtB4Ob6BSK/qtdl8wmMB Ap8POcwOp/6TM2SfXg27TzYyYdA3T8EDG4NcZJ05Kt/QsEm7odWa8qMQrBLx+vBs AzDqEoMuL6yPuU4TfpmUI19M3kCGq3dK6jvMv7PA3xn2XQnBfxgIZv5ayibOoM+G 4zhJAs44wO9xEb95fVUego6k3PME3r4u2az8CGBNBcNb9S56yktm3cfxfJv9fc6T C0pfoeTNknLDqKXTCCd8q3qurIX1oX4YTYDjn7F9lrsSQb/b7cv09VliE8xJyg/m yZ5qSsVjpIw= =RV0+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . Summary:
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
Bug Fix(es):
-
Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
-
Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
-
Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
-
[4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
-
Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
-
[4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
-
CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
-
Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
-
Unable to start windows VMs on PSI setups (BZ#2115371)
-
[4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
-
Mark Windows 11 as TechPreview (BZ#2129013)
-
4.11.1 rpms (BZ#2139453)
This advisory contains the following OpenShift Virtualization 4.11.1 images.
RHEL-8-CNV-4.11
virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2102694 - Fedora version in DataImportCrons is not 'latest' 2109407 - [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based 2115371 - Unable to start windows VMs on PSI setups 2119613 - GiB changes to B in Template's Edit boot source reference modal 2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2128872 - [4.11]Can't restore cloned VM 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129235 - [RFE] Add "Copy SSH command" to VM action list 2134668 - Cannot edit ssh even vm is stopped 2139453 - 4.11.1 rpms
- This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
- libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)
- libxml2: dict corruption caused by entity reference cycles (CVE-2022-40304)
- expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)
- zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
- curl: HSTS bypass via IDN (CVE-2022-42916)
- curl: HTTP proxy double-free (CVE-2022-42915)
- curl: POST following PUT confusion (CVE-2022-32221)
- httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
- httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
- httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
- httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
- httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
- curl: control code in cookie denial of service (CVE-2022-35252)
- zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field (CVE-2022-37434)
- jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
- curl: Unpreserved file permissions (CVE-2022-32207)
- curl: various flaws (CVE-2022-32206 CVE-2022-32208)
- openssl: the c_rehash script allows command injection (CVE-2022-2068)
- openssl: c_rehash script allows command injection (CVE-2022-1292)
- jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
- jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN 2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE 2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1900",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc626-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.84.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168280"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "168282"
},
{
"db": "PACKETSTORM",
"id": "170165"
}
],
"trust": 0.9
},
"cve": "CVE-2022-32206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-32206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2565",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Gatekeeper Operator v0.2 security and container updates\nAdvisory ID: RHSA-2022:6348-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6348\nIssue date: 2022-09-06\nCVE Names: CVE-2021-40528 CVE-2022-1292 CVE-2022-1586 \n CVE-2022-1705 CVE-2022-1962 CVE-2022-2068 \n CVE-2022-2097 CVE-2022-2526 CVE-2022-28131 \n CVE-2022-29824 CVE-2022-30629 CVE-2022-30630 \n CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 \n CVE-2022-30635 CVE-2022-32148 CVE-2022-32206 \n CVE-2022-32208 \n=====================================================================\n\n1. Summary:\n\nGatekeeper Operator v0.2 security updates\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nGatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include bug\nfixes and container upgrades. \n\nNote: Gatekeeper support from the Red Hat support team is limited to where\nit is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/. \n\nSecurity fix:\n\n* CVE-2022-30629: gatekeeper-container: golang: crypto/tls: session tickets\nlack random ticket_age_add\n\n* CVE-2022-1705: golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse*\nfunctions\n\n* CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630: golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\n3. Solution:\n\nThe requirements to apply the upgraded images are different whether or not\nyou\nused the operator. Complete the following steps, depending on your\ninstallation:\n\n* Upgrade gatekeeper operator:\nThe gatekeeper operator that is installed by the gatekeeper operator policy\nhas\n`installPlanApproval` set to `Automatic`. This setting means the operator\nwill\nbe upgraded automatically when there is a new version of the operator. No\nfurther action is required for upgrade. If you changed the setting for\n`installPlanApproval` to `manual`, then you must view each cluster to\nmanually\napprove the upgrade to the operator. \n\n* Upgrade gatekeeper without the operator:\nThe gatekeeper version is specified as part of the Gatekeeper CR in the\ngatekeeper operator policy. To upgrade the gatekeeper version:\na) Determine the latest version of gatekeeper by visiting:\nhttps://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9. \nb) Click the tag dropdown, and find the latest static tag. An example tag\nis\n\u0027v3.3.0-1\u0027. \nc) Edit the gatekeeper operator policy and update the image tag to use the\nlatest static tag. For example, you might change this line to image:\n\u0027registry.redhat.io/rhacm2/gatekeeper-rhel8:v3.3.0-1\u0027. \n\nRefer to https://open-policy-agent.github.io/gatekeeper/website/docs/howto/\nfor additional information. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1705\nhttps://access.redhat.com/security/cve/CVE-2022-1962\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-2526\nhttps://access.redhat.com/security/cve/CVE-2022-28131\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-30629\nhttps://access.redhat.com/security/cve/CVE-2022-30630\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-30632\nhttps://access.redhat.com/security/cve/CVE-2022-30633\nhttps://access.redhat.com/security/cve/CVE-2022-30635\nhttps://access.redhat.com/security/cve/CVE-2022-32148\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxd1LNzjgjWX9erEAQi7KxAAjtYnTUInhFC8FJ6zXunwhBa8YpT3E6Ym\nhemyRubgeyUdhySlgfPFmhrEU6nT3CUmzVN11wQu9iVmUzg3V/x+WhvMK371313m\n7XzE0nuZ5uZRxXGVr8dqoecgm47t2884+QzGO4cMIsK5ojfHLBY6oeYunjW6lC5/\n7P40TjANWdZMirOmxoOk3OHeYpFC9oIiovidDn7zqf3PFOa50ux6w4P/3Dep5qVl\nW1BaNJkWxRL5Uj2AiyxtnLR2Tg713ocazkZZ83nJdr2eMoFFJL7l7u/W2m9LS5rN\nUhwHejs+4kizsumeCRFyq5I67vmkGE2EMun3yKZDGNB8xgxQqkaOBTkcF4qzzgOt\n+cLhTRiuGXS4NETqYaWGE0n0kmFCE5jFbZaOlp9L1C56LtB4Ob6BSK/qtdl8wmMB\nAp8POcwOp/6TM2SfXg27TzYyYdA3T8EDG4NcZJ05Kt/QsEm7odWa8qMQrBLx+vBs\nAzDqEoMuL6yPuU4TfpmUI19M3kCGq3dK6jvMv7PA3xn2XQnBfxgIZv5ayibOoM+G\n4zhJAs44wO9xEb95fVUego6k3PME3r4u2az8CGBNBcNb9S56yktm3cfxfJv9fc6T\nC0pfoeTNknLDqKXTCCd8q3qurIX1oX4YTYDjn7F9lrsSQb/b7cv09VliE8xJyg/m\nyZ5qSsVjpIw=\n=RV0+\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. Summary:\n\nRed Hat OpenShift Virtualization release 4.11.1 is now available with\nupdates to packages and images that fix several bugs and add enhancements. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2102694 - Fedora version in DataImportCrons is not \u0027latest\u0027\n2109407 - [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based\n2115371 - Unable to start windows VMs on PSI setups\n2119613 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129235 - [RFE] Add \"Copy SSH command\" to VM action list\n2134668 - Cannot edit ssh even vm is stopped\n2139453 - 4.11.1 rpms\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* libxml2: integer overflows with XML_PARSE_HUGE (CVE-2022-40303)\n* libxml2: dict corruption caused by entity reference cycles\n(CVE-2022-40304)\n* expat: a use-after-free in the doContent function in xmlparse.c\n(CVE-2022-40674)\n* zlib: a heap-based buffer over-read or buffer overflow in inflate in\ninflate.c via a large gzip header extra field (CVE-2022-37434)\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n* curl: HTTP proxy double-free (CVE-2022-42915)\n* curl: POST following PUT confusion (CVE-2022-32221)\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n* curl: control code in cookie denial of service (CVE-2022-35252)\n* zlib: a heap-based buffer over-read or buffer overflow in inflate in\ninflate.c via a large gzip header extra field (CVE-2022-37434)\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n* curl: Unpreserved file permissions (CVE-2022-32207)\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n2136266 - CVE-2022-40303 libxml2: integer overflows with XML_PARSE_HUGE\n2136288 - CVE-2022-40304 libxml2: dict corruption caused by entity reference cycles\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
},
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168280"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "168282"
},
{
"db": "PACKETSTORM",
"id": "170165"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32206",
"trust": 2.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/02/15/3",
"trust": 1.6
},
{
"db": "HACKERONE",
"id": "1570651",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-333517",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "168347",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3366",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4468",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4757",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5247",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4266",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4112",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5632",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4568",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168301",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168503",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071152",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32206",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168265",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168280",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168282",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168280"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "168282"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"id": "VAR-202206-1900",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.53838384
},
"last_update_date": "2024-07-23T20:57:34.431000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "curl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=198520"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5495-1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://hackerone.com/reports/1570651"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.6,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4112"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3366"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071152"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3238"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32206/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5632"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4468"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.1,
"url": "https://submariner.io/getting-started/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://submariner.io/."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3460"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6348"
},
{
"trust": 0.1,
"url": "https://catalog.redhat.com/software/containers/rhacm2/gatekeeper-rhel8/5fadb4a18d9a79d2f438a5d9."
},
{
"trust": 0.1,
"url": "https://open-policy-agent.github.io/gatekeeper/website/docs/howto/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/multicluster_engine/install_upgrade/installing-while-connected-online-mce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168280"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "168282"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168280"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "168282"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-07T16:37:33",
"db": "PACKETSTORM",
"id": "168265"
},
{
"date": "2022-09-27T16:01:00",
"db": "PACKETSTORM",
"id": "168538"
},
{
"date": "2022-09-01T16:30:25",
"db": "PACKETSTORM",
"id": "168213"
},
{
"date": "2023-06-06T17:04:24",
"db": "PACKETSTORM",
"id": "172765"
},
{
"date": "2022-09-13T15:29:12",
"db": "PACKETSTORM",
"id": "168347"
},
{
"date": "2022-09-07T16:53:57",
"db": "PACKETSTORM",
"id": "168280"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-02T15:57:08",
"db": "PACKETSTORM",
"id": "170083"
},
{
"date": "2022-09-07T16:56:15",
"db": "PACKETSTORM",
"id": "168282"
},
{
"date": "2022-12-08T21:28:21",
"db": "PACKETSTORM",
"id": "170165"
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"date": "2022-07-07T13:15:08.340000",
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"date": "2024-03-27T15:00:54.267000",
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.6
}
}
VAR-201902-0192
Vulnerability from variot - Updated: 2024-07-23 20:34If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available to download as an OVA file from the Customer Portal. ========================================================================== Ubuntu Security Notice USN-4376-2 July 09, 2020
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Cesar Pereida Garc\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. A remote attacker could possibly use this issue to decrypt data. (CVE-2019-1559)
Bernd Edlinger discovered that OpenSSL incorrectly handled certain decryption functions. (CVE-2019-1563)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: libssl1.0.0 1.0.1f-1ubuntu2.27+esm1
Ubuntu 12.04 ESM: libssl1.0.0 1.0.1-4ubuntu5.44
After a standard system update you need to reboot your computer to make all the necessary changes. Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
openssl: 0-byte record padding oracle (CVE-2019-1559)
-
openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA 1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm
ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm
s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-19.el7.src.rpm
x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: imgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host (4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):
1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions
1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled
1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle
1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug
1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service
1702223 - Rebase RHV-H on RHEL 7.7
1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment
1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
1720156 - RHVH 4.3.4 version info is incorrect in plymouth and "/etc/os-release"
1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe
1720310 - RHV-H post-installation scripts failing, due to existing tags
1720434 - RHVH 7.7 brand is wrong in Anaconda GUI.
1720435 - Failed to install RHVH 7.7
1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation.
1724044 - Failed dependencies occur during install systemtap package.
1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer
1727007 - Update RHVH 7.7 branding with new Red Hat logo
1727859 - Failed to boot after upgrading a host with a custom kernel
1728998 - "nodectl info" displays error after RHVH installation
1729023 - The error message is inappropriate when run imgbase layout --init on current layout
This issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt. It was reported to OpenSSL on 10th December 2018.
Note: Advisory updated to make it clearer that AEAD ciphersuites are not impacted.
Note
OpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support for 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th September 2019. Users of these versions should upgrade to OpenSSL 1.1.1.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20190226.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.9.0"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "hyper converged infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-iq centralized management",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "7.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "services tools bundle",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "a800",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5.0"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.0"
},
{
"model": "storagegrid",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.0"
},
{
"model": "a220",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.0.20"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.2"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.3"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "traffix signaling delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "5.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.8"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.0.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "endeca server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "c190",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "agent",
"scope": "lte",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.6.4"
},
{
"model": "traffix signaling delivery controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "5.1.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.43"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "threat intelligence exchange server",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "3.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-iq centralized management",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "7.0.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.17.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.5"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.2.3"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0.0"
},
{
"model": "traffix signaling delivery controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.1.8"
},
{
"model": "big-ip edge gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.0.0"
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "9.0.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "altavault",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.3.1"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "9.0.2"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "big-ip edge gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip link controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "snapdrive",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "8.1.0"
},
{
"model": "threat intelligence exchange server",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "2.0.0"
},
{
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-iq centralized management",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "6.0.0"
},
{
"model": "snapprotect",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip advanced firewall manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "storagegrid",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0.4"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "fas2750",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.8.1"
},
{
"model": "fas2720",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.0.0"
},
{
"model": "big-iq centralized management",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "6.1.0"
},
{
"model": "big-ip analytics",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "big-ip fraud protection service",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip global traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip link controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.16"
},
{
"model": "data exchange layer",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "4.0.0"
},
{
"model": "big-ip application acceleration manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip domain name system",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.0.0"
},
{
"model": "big-ip fraud protection service",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip global traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip local traffic manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip advanced firewall manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip application security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "big-ip webaccelerator",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "cn1610",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.15.1"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "a320",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "big-ip domain name system",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "big-ip analytics",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.0"
},
{
"model": "data exchange layer",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "6.0.0"
},
{
"model": "big-ip application security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "big-ip application acceleration manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "12.1.5"
},
{
"model": "agent",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "5.6.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "big-ip policy enforcement manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "pan-os",
"scope": "lt",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2r"
},
{
"model": "big-ip local traffic manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "jp1/snmp system observer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/operations analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "job management system partern 1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "storagegrid webscale",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "nessus",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "jp1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "traffix sdc",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "jp1/data highway",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "santricity smi-s provider",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/it desktop management 2",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/performance management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ontap select deploy",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "snapdrive",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand unified manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/automatic operation",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hyper converged infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2r",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0.4",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.1.5",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.1.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.4",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.0",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.15",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.25",
"versionStartIncluding": "5.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.6.43",
"versionStartIncluding": "5.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.14",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.20",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.8",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.2",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.1.15",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.17.0",
"versionStartIncluding": "6.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.15.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt,Red Hat,Slackware Security Team,Juraj Somorovsky",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-1559",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-147651",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1559",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1559",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-956",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-147651",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-1559",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). OpenSSL Contains an information disclosure vulnerability.Information may be obtained. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A vulnerability in OpenSSL could allow an unauthenticated, remote malicious user to access sensitive information on a targeted system. An attacker who is able to perform man-in-the-middle attacks could exploit the vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to intercept and modify the browser requests and then observe the server behavior in order to conduct a padding oracle attack and decrypt sensitive information. The appliance is available\nto download as an OVA file from the Customer Portal. ==========================================================================\nUbuntu Security Notice USN-4376-2\nJuly 09, 2020\n\nopenssl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n Cesar Pereida Garc\\xeda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin,\n Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL\n incorrectly handled ECDSA signatures. An attacker could possibly use this\n issue to perform a timing side-channel attack and recover private ECDSA\n keys. A remote attacker could possibly use this issue to decrypt\n data. (CVE-2019-1559)\n\n Bernd Edlinger discovered that OpenSSL incorrectly handled certain\n decryption functions. (CVE-2019-1563)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n libssl1.0.0 1.0.1f-1ubuntu2.27+esm1\n\nUbuntu 12.04 ESM:\n libssl1.0.0 1.0.1-4ubuntu5.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openssl security and bug fix update\nAdvisory ID: RHSA-2019:2304-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2304\nIssue date: 2019-08-06\nCVE Names: CVE-2018-0734 CVE-2019-1559\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: 0-byte record padding oracle (CVE-2019-1559)\n\n* openssl: timing side channel attack in the DSA signature algorithm\n(CVE-2018-0734)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1649568 - openssl: microarchitectural and timing side channel padding oracle attack against RSA\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nppc64:\nopenssl-1.0.2k-19.el7.ppc64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-devel-1.0.2k-19.el7.ppc.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64.rpm\nopenssl-libs-1.0.2k-19.el7.ppc.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-devel-1.0.2k-19.el7.ppc64le.rpm\nopenssl-libs-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-19.el7.s390x.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-devel-1.0.2k-19.el7.s390.rpm\nopenssl-devel-1.0.2k-19.el7.s390x.rpm\nopenssl-libs-1.0.2k-19.el7.s390.rpm\nopenssl-libs-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-19.el7.ppc.rpm\nopenssl-debuginfo-1.0.2k-19.el7.ppc64.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64.rpm\nopenssl-static-1.0.2k-19.el7.ppc.rpm\nopenssl-static-1.0.2k-19.el7.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm\nopenssl-perl-1.0.2k-19.el7.ppc64le.rpm\nopenssl-static-1.0.2k-19.el7.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-19.el7.s390.rpm\nopenssl-debuginfo-1.0.2k-19.el7.s390x.rpm\nopenssl-perl-1.0.2k-19.el7.s390x.rpm\nopenssl-static-1.0.2k-19.el7.s390.rpm\nopenssl-static-1.0.2k-19.el7.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-19.el7.src.rpm\n\nx86_64:\nopenssl-1.0.2k-19.el7.x86_64.rpm\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-devel-1.0.2k-19.el7.i686.rpm\nopenssl-devel-1.0.2k-19.el7.x86_64.rpm\nopenssl-libs-1.0.2k-19.el7.i686.rpm\nopenssl-libs-1.0.2k-19.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-19.el7.i686.rpm\nopenssl-debuginfo-1.0.2k-19.el7.x86_64.rpm\nopenssl-perl-1.0.2k-19.el7.x86_64.rpm\nopenssl-static-1.0.2k-19.el7.i686.rpm\nopenssl-static-1.0.2k-19.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2019-1559\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97\nfW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM\nWQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM\nB39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q\n/LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ\nuX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F\nJbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A\ngLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0\nveL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x\nIcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx\nzBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm\nBtpJTAdr1kE=7kKR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe following packages have been upgraded to a later upstream version:\nimgbased (1.1.9), ovirt-node-ng (4.3.5), redhat-release-virtualization-host\n(4.3.5), redhat-virtualization-host (4.3.5). Bugs fixed (https://bugzilla.redhat.com/):\n\n1640820 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions\n1658366 - CVE-2018-16881 rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled\n1683804 - CVE-2019-1559 openssl: 0-byte record padding oracle\n1687920 - RHVH fails to reinstall if required size is exceeding the available disk space due to anaconda bug\n1694065 - CVE-2019-0161 edk2: stack overflow in XHCI causing denial of service\n1702223 - Rebase RHV-H on RHEL 7.7\n1709829 - CVE-2019-10139 cockpit-ovirt: admin and appliance passwords saved in plain text variable file during HE deployment\n1718388 - CVE-2019-10160 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc\n1720156 - RHVH 4.3.4 version info is incorrect in plymouth and \"/etc/os-release\"\n1720160 - RHVH 4.3.4: Incorrect info in /etc/system-release-cpe\n1720310 - RHV-H post-installation scripts failing, due to existing tags\n1720434 - RHVH 7.7 brand is wrong in Anaconda GUI. \n1720435 - Failed to install RHVH 7.7\n1720436 - RHVH 7.7 should based on RHEL 7.7 server but not workstation. \n1724044 - Failed dependencies occur during install systemtap package. \n1726534 - dhclient fails to load libdns-export.so.1102 after upgrade if the user installed library is not persisted on the new layer\n1727007 - Update RHVH 7.7 branding with new Red Hat logo\n1727859 - Failed to boot after upgrading a host with a custom kernel\n1728998 - \"nodectl info\" displays error after RHVH installation\n1729023 - The error message is inappropriate when run `imgbase layout --init` on current layout\n\n6. \n\nThis issue was discovered by Juraj Somorovsky, Robert Merget and Nimrod Aviram,\nwith additional investigation by Steven Collison and Andrew Hourselt. It was\nreported to OpenSSL on 10th December 2018. \n\nNote: Advisory updated to make it clearer that AEAD ciphersuites are not impacted. \n\nNote\n====\n\nOpenSSL 1.0.2 and 1.1.0 are currently only receiving security updates. Support\nfor 1.0.2 will end on 31st December 2019. Support for 1.1.0 will end on 11th\nSeptember 2019. Users of these versions should upgrade to OpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20190226.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1559",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TNS-2019-03",
"trust": 1.8
},
{
"db": "TENABLE",
"id": "TNS-2019-02",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10282",
"trust": 1.8
},
{
"db": "BID",
"id": "107174",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "151886",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158377",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155415",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3729",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0102",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2383",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0487",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0620",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0751.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0192",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0032",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4255",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4297",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3390.4",
"trust": 0.6
},
{
"db": "PULSESECURE",
"id": "SA44019",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151885",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151918",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154042",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-147651",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-1559",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155413",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153932",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169635",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"id": "VAR-201902-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
}
],
"trust": 0.36447732666666666
},
"last_update_date": "2024-07-23T20:34:36.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2019-132 Software product security information",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"title": "OpenSSL Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89673"
},
{
"title": "Red Hat: Moderate: openssl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192304 - security advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192471 - security advisory"
},
{
"title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3899-1"
},
{
"title": "Debian Security Advisories: DSA-4400-1 openssl1.0 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=675a6469b3fad3c9a56addc922ae8d9d"
},
{
"title": "Red Hat: Moderate: rhvm-appliance security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192439 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193929 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.2 security release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193931 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Virtualization security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192437 - security advisory"
},
{
"title": "Red Hat: CVE-2019-1559",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-1559"
},
{
"title": "Arch Linux Advisories: [ASA-201903-2] openssl-1.0: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-2"
},
{
"title": "Arch Linux Advisories: [ASA-201903-6] lib32-openssl-1.0: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201903-6"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-1559"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1188",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1188"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1362",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1362"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1188",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1188"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=884ffe1be805ead0a804f06f7c14072c"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1092f7b64100b0110232688947fb97ed"
},
{
"title": "IBM: IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b4ff04f16b62df96980d37251dc9ae0"
},
{
"title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7856a174f729c96cf2ba970cfef5f604"
},
{
"title": "IBM: IBM Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=04a72ac59f1cc3a5b02c155d941c5cfd"
},
{
"title": "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by a padding oracle vulnerability (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9c55c211aa2410823d4d568143afa117"
},
{
"title": "IBM: Security Bulletin: OpenSSL vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera Desktop Client 3.9.1 and earlier (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c233af3070d7248dcbafadb6b367e2a1"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7ceb7cf440b088f91358d1c597d5a414"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c0b11f80d1ecd798a97f3bda2b68f830"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability CVE-2019-1559 in OpenSSL affects IBM i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=12860155d0bf31ea6e2e3ffcef7ea7e0"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2709308a62e1e2fafc2e4989ef440aa3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1b873a45dce8bb56ff011908a9402b67"
},
{
"title": "IBM: IBM Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE\u2019s (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=aae1f2192c5cf9375ed61f7a27d08f64"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8b00742d4b57e0eaab4fd3f9a2125634"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 \u0026 GCM32 and LCM8 \u0026 LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ca67e77b9edd2ad304d2f2da1853223f"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analytics",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac5ccbde4e4ddbcabd10cacf82487a11"
},
{
"title": "IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=5fc1433ca504461e3bbb1d30e408592c"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-112"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-132"
},
{
"title": "IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e59d7f075c856823d6f7370dea35e662"
},
{
"title": "Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the April 2019 CPU",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5f1bd0287d0770973261ab8500c6982b"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerability in Node.js affects IBM Integration Bus \u0026 IBM App Connect Enterprise V11",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1a7cb34592ef045ece1d2b32c150f2a2"
},
{
"title": "IBM: IBM Security Bulletin: Secure Gateway is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=28830011b173eee360fbb2a55c68c9d3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8db7a9036f52f1664d12ac73d7a3506f"
},
{
"title": "IBM: IBM Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6b74f45222d8029af7ffef49314f6056"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-03"
},
{
"title": "Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=b508c983da563a8786bf80c360afb887"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Automatic Job Management System 3 - Web Operation Assistant",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-121"
},
{
"title": "Palo Alto Networks Security Advisory: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=217c2f4028735d91500e325e8ba1cbba"
},
{
"title": "Palo Alto Networks Security Advisory: CVE-2019-1559 OpenSSL vulnerability CVE-2019-1559 has been resolved in PAN-OS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=a16107c1f899993837417057168db200"
},
{
"title": "IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=00b8bc7d11e5484e8721f3f62ec2ce87"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=423d1da688755122eb2591196e4cc160"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1e6142e07a3e9637110bdfa17e331459"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a47e10150b300f15d2fd55b9cdaed12d"
},
{
"title": "Tenable Security Advisories: [R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2019-02"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Releases 1801-w and 1801-y",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=bf3f2299a8658b7cd3984c40e7060666"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-1559 "
},
{
"title": "Centos-6-openssl-1.0.1e-58.pd1trfir",
"trust": 0.1,
"url": "https://github.com/datourist/centos-6-openssl-1.0.1e-58.pd1trfir "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/tls-attacker/tls-padding-oracles "
},
{
"title": "TLS-Padding-Oracles",
"trust": 0.1,
"url": "https://github.com/rub-nds/tls-padding-oracles "
},
{
"title": "vyger",
"trust": 0.1,
"url": "https://github.com/mrodden/vyger "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.1
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.securityfocus.com/bid/107174"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3929"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3931"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
},
{
"trust": 2.0,
"url": "https://access.redhat.com/errata/rhsa-2019:2304"
},
{
"trust": 1.9,
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2437"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:2439"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2471"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10282"
},
{
"trust": 1.2,
"url": "https://support.f5.com/csp/article/k18549143"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/"
},
{
"trust": 0.6,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory30.asc"
},
{
"trust": 0.6,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44019/?l=en_us\u0026atype=sa\u0026fs=search\u0026pn=1\u0026atype=sa"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html"
},
{
"trust": 0.6,
"url": "https://github.com/rub-nds/tls-padding-oracles"
},
{
"trust": 0.6,
"url": "http://openssl.org/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://support.symantec.com/us/en/article.symsa1490.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170328"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170340"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170334"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170322"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170352"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170346"
},
{
"trust": 0.6,
"url": "https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190572-1/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4212-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115655"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115649"
},
{
"trust": 0.6,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/ hitachi-sec-2019-132/index.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/2016771"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/2020677"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/2027745"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126581"
},
{
"trust": 0.6,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-132/index.html"
},
{
"trust": 0.6,
"url": "http://www.ubuntu.com/usn/usn-3899-1"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76438"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4405/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1116357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4558/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3729/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76230"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0032/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0487/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115643"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/openssl-1-0-2-information-disclosure-via-0-byte-record-padding-oracle-28600"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/3517185"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167202"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-by-ibm-qradar-siem-is-missing-a-required-cryptographic-step-cve-2019-1559/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0192/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3462/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155415/red-hat-security-advisory-2019-3929-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76782"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-the-following-opensll-vulnerability/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2383/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4255/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4297/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0102/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143442"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-openssh-and-openssl-shipped-with-ibm-security-access-manager-appliance-cve-2018-15473-cve-2019-1559/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1105965"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158377/ubuntu-security-notice-usn-4376-2.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-public-disclosed-vulnerability-from-openssl-affect-ibm-netezza-host-management/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/151886/slackware-security-advisory-openssl-updates.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-1559"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16881"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10072"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10282"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k18549143?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/203.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-1559"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4376-1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4376-2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3899-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.15"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10139"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147651"
},
{
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"db": "PACKETSTORM",
"id": "154009"
},
{
"db": "PACKETSTORM",
"id": "158377"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "PACKETSTORM",
"id": "153932"
},
{
"db": "PACKETSTORM",
"id": "154008"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-147651"
},
{
"date": "2019-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"date": "2019-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"date": "2019-08-12T17:13:13",
"db": "PACKETSTORM",
"id": "154009"
},
{
"date": "2020-07-09T18:42:27",
"db": "PACKETSTORM",
"id": "158377"
},
{
"date": "2019-11-20T20:32:22",
"db": "PACKETSTORM",
"id": "155413"
},
{
"date": "2019-02-27T19:19:00",
"db": "PACKETSTORM",
"id": "151885"
},
{
"date": "2019-11-20T20:44:44",
"db": "PACKETSTORM",
"id": "155415"
},
{
"date": "2019-08-06T21:09:19",
"db": "PACKETSTORM",
"id": "153932"
},
{
"date": "2019-08-12T17:13:02",
"db": "PACKETSTORM",
"id": "154008"
},
{
"date": "2019-02-26T12:12:12",
"db": "PACKETSTORM",
"id": "169635"
},
{
"date": "2019-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"date": "2019-02-27T23:29:00.277000",
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-147651"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-1559"
},
{
"date": "2021-07-15T06:04:00",
"db": "JVNDB",
"id": "JVNDB-2019-002098"
},
{
"date": "2022-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-956"
},
{
"date": "2023-11-07T03:08:30.953000",
"db": "NVD",
"id": "CVE-2019-1559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151885"
},
{
"db": "PACKETSTORM",
"id": "169635"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-956"
}
],
"trust": 0.6
}
}
VAR-201909-1526
Vulnerability from variot - Updated: 2024-07-23 20:14There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Linux Kernel Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ========================================================================= Ubuntu Security Notice USN-4162-2 October 23, 2019
linux-azure vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816)
Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821)
Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117)
Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118)
It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505)
Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902)
It was discovered that the SMB networking file system implementation in the Linux kernel contained a buffer overread. An attacker could use this to expose sensitive information (kernel memory). (CVE-2019-15918)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: linux-image-4.15.0-1061-azure 4.15.0-1061.66~14.04.1 linux-image-azure 4.15.0.1061.47
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2020:0374-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0374 Issue date: 2020-02-04 CVE Names: CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 CVE-2019-14901 CVE-2019-17133 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
-
kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
-
kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
-
kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)
-
kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
[Azure][7.8] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it" (BZ#1766089)
-
[Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093)
-
[Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)
-
SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)
-
Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)
-
Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)
-
patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)
-
fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 (BZ#1775678)
-
Guest crash after load cpuidle-haltpoll driver (BZ#1776289)
-
RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)
-
Multiple "mv" processes hung on a gfs2 filesystem (BZ#1777297)
-
Moving Egress IP will result in conntrack sessions being DESTROYED (BZ#1779564)
-
core: backports from upstream (BZ#1780033)
-
kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)
-
Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780163)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1062.12.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1062.12.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm perf-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-1062.12.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1062.12.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm perf-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1062.12.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
ppc64: bpftool-3.10.0-1062.12.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-3.10.0-1062.12.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm kernel-devel-3.10.0-1062.12.1.el7.ppc64.rpm kernel-headers-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.ppc64.rpm perf-3.10.0-1062.12.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm python-perf-3.10.0-1062.12.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1062.12.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-devel-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-headers-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.ppc64le.rpm perf-3.10.0-1062.12.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm python-perf-3.10.0-1062.12.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1062.12.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-3.10.0-1062.12.1.el7.s390x.rpm kernel-debug-3.10.0-1062.12.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.12.1.el7.s390x.rpm kernel-devel-3.10.0-1062.12.1.el7.s390x.rpm kernel-headers-3.10.0-1062.12.1.el7.s390x.rpm kernel-kdump-3.10.0-1062.12.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.12.1.el7.s390x.rpm perf-3.10.0-1062.12.1.el7.s390x.rpm perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm python-perf-3.10.0-1062.12.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm
x86_64: bpftool-3.10.0-1062.12.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm perf-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1062.12.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm kernel-doc-3.10.0-1062.12.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1062.12.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm perf-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-14816 https://access.redhat.com/security/cve/CVE-2019-14895 https://access.redhat.com/security/cve/CVE-2019-14898 https://access.redhat.com/security/cve/CVE-2019-14901 https://access.redhat.com/security/cve/CVE-2019-17133 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXjnG/NzjgjWX9erEAQiZpA/+PrziwQc9nitsDyWqtq556llAnWG2YjEK kzbq/d3Vp+7i0aaOHXNG9b6XDgR8kPSLnb/2tCUBQKmLeWEptgY6s24mXXkiAHry plZ40Xlmca9cjPQCSET7IkQyHlYcUsc9orUT3g1PsZ0uOxPQZ1ivB1utn6nyhbSg 9Az/e/9ai7R++mv4zJ7UDrDzuGPv5SOtyIcfuUyYdbuZO9OrmFsbWCRwG+cVvXJ6 q6uXlIpcWx4H7key9SiboU/VSXXPQ0E5vv1A72biDgCXhm2kYWEJXSwlLH2jJJo7 DfujB4+NSnDVp7Qu0aF/YsEiR9JQfGOOrfuNsmOSdK3Bx3p8LkS4Fd9y3H/fCwjI EOoXerSgeGjB5E/DtH24HKu1FB5ZniDJP69itCIONokq6BltVZsQRvZxpXQdmvpz hTJIkYqnuvrkv2liCc8Dr7P7EK0SBPhwhmcBMcAcPHE8BbOtEkcGzF2f2/p/CQci N0c4UhB2p+eSLq+W4qG4W/ZyyUh2oYdvPjPCrziT1qHOR4ilw9fH9b+jCxmAM7Lh wqj3yMR9YhUrEBRUUokA/wjggmI88u6I8uQatbf6Keqj1v1CykMKF3AEC5qfxwGz hk0YzSh0YK6DfybzNxcZK/skcp0Ga0vD+El/nXFI0WGXB8LsQiOUBgfp1JyAlXT6 IwzrfQ6EsXE= =mofI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Please note that the RDS protocol is blacklisted in Ubuntu by default. 7.3) - noarch, x86_64
Bug Fix(es):
-
RHEL7.5 - kernel crashed at xfs_reclaim_inodes_count+0x70/0xa0 (BZ#1795578)
-
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
-
patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)
-
kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)
-
kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)
-
kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)
Bug Fix(es):
-
[xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797965)
-
port show-kabi to python3 (BZ#1806926)
-
7.6) - ppc64, ppc64le, x86_64
Bug Fix(es):
-
[PATCH] perf: Fix a race between ring_buffer_detach() and ring_buffer_wakeup() (BZ#1772826)
-
core: backports from upstream (BZ#1780031)
-
Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780160)
-
[Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup (BZ#1783176)
Enhancement(s):
- Selective backport: perf: Sync with upstream v4.16 (BZ#1782752)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "data availability services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux compute node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "a800",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.146"
},
{
"model": "enterprise linux for real time for nfv tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.194"
},
{
"model": "a220",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "enterprise linux for real time for nfv",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.17"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux for real time tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux for power big endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6_ppc64"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time for nfv tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "fas2750",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h610s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fas2720",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time for nfv",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "c190",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "messaging realtime grid",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.2.17"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.194"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "a320",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.75"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.16.74"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "kernel",
"scope": "lt",
"trust": 0.8,
"vendor": "linux",
"version": "5.3"
},
{
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise mrg",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.17",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.194",
"versionStartIncluding": "3.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.194",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.146",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.19.75",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.16.74",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:messaging_realtime_grid:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "156213"
},
{
"db": "PACKETSTORM",
"id": "156603"
},
{
"db": "PACKETSTORM",
"id": "156602"
},
{
"db": "PACKETSTORM",
"id": "156216"
},
{
"db": "PACKETSTORM",
"id": "157140"
},
{
"db": "PACKETSTORM",
"id": "156608"
}
],
"trust": 0.6
},
"cve": "CVE-2019-14816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-14816",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-14816",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-14816",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-14816",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2176",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Linux Kernel Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. =========================================================================\nUbuntu Security Notice USN-4162-2\nOctober 23, 2019\n\nlinux-azure vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. \n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not\ndid not handle detach operations correctly, leading to a use-after-free\nvulnerability. (CVE-2019-14814,\nCVE-2019-14815, CVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly perform bounds checking when handling coalesced\nMMIO write operations. A local attacker with write access to /dev/kvm could\nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the\nLinux kernel did not properly validate device meta data. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-15117)\n\nHui Peng and Mathias Payer discovered that the USB audio driver for the\nLinux kernel improperly performed recursion while handling device meta\ndata. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15118)\n\nIt was discovered that the Technisat DVB-S/S2 USB device driver in the\nLinux kernel contained a buffer overread. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexpose sensitive information. (CVE-2019-15505)\n\nBrad Spengler discovered that a Spectre mitigation was improperly\nimplemented in the ptrace susbsystem of the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information. (CVE-2019-15902)\n\nIt was discovered that the SMB networking file system implementation in the\nLinux kernel contained a buffer overread. An attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2019-15918)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n linux-image-4.15.0-1061-azure 4.15.0-1061.66~14.04.1\n linux-image-azure 4.15.0.1061.47\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2020:0374-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0374\nIssue date: 2020-02-04\nCVE Names: CVE-2019-14816 CVE-2019-14895 CVE-2019-14898 \n CVE-2019-14901 CVE-2019-17133 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi\ndriver (CVE-2019-14816)\n\n* kernel: heap-based buffer overflow in mwifiex_process_country_ie()\nfunction in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c\n(CVE-2019-14895)\n\n* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)\n\n* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in\nnet/wireless/wext-sme.c (CVE-2019-17133)\n\n* kernel: incomplete fix for race condition between\nmmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599\n(CVE-2019-14898)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* [Azure][7.8] Include patch \"PCI: hv: Avoid use of hv_pci_dev-\u003epci_slot\nafter freeing it\" (BZ#1766089)\n\n* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat,\nnetwork interface(eth0) moved to new network namespace does not obtain IP\naddress. (BZ#1766093)\n\n* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed\n(BZ#1766097)\n\n* SMB3: Do not error out on large file transfers if server responds with\nSTATUS_INSUFFICIENT_RESOURCES (BZ#1767621)\n\n* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path\nfailures (BZ#1770113)\n\n* Hard lockup in free_one_page()-\u003e_raw_spin_lock() because sosreport\ncommand is reading from /proc/pagetypeinfo (BZ#1770732)\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)\n\n* fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64\n(BZ#1775678)\n\n* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)\n\n* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of\nretry delay value (BZ#1776290)\n\n* Multiple \"mv\" processes hung on a gfs2 filesystem (BZ#1777297)\n\n* Moving Egress IP will result in conntrack sessions being DESTROYED\n(BZ#1779564)\n\n* core: backports from upstream (BZ#1780033)\n\n* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)\n\n* Race between tty_open() and flush_to_ldisc() using the\ntty_struct-\u003edriver_data field. (BZ#1780163)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1062.12.1.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.ppc64.rpm\nperf-3.10.0-1062.12.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\npython-perf-3.10.0-1062.12.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1062.12.1.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.ppc64le.rpm\nperf-3.10.0-1062.12.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\npython-perf-3.10.0-1062.12.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1062.12.1.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debug-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-devel-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-headers-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-kdump-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1062.12.1.el7.s390x.rpm\nperf-3.10.0-1062.12.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\npython-perf-3.10.0-1062.12.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1062.12.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1062.12.1.el7.noarch.rpm\nkernel-doc-3.10.0-1062.12.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1062.12.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1062.12.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1062.12.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14816\nhttps://access.redhat.com/security/cve/CVE-2019-14895\nhttps://access.redhat.com/security/cve/CVE-2019-14898\nhttps://access.redhat.com/security/cve/CVE-2019-14901\nhttps://access.redhat.com/security/cve/CVE-2019-17133\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXjnG/NzjgjWX9erEAQiZpA/+PrziwQc9nitsDyWqtq556llAnWG2YjEK\nkzbq/d3Vp+7i0aaOHXNG9b6XDgR8kPSLnb/2tCUBQKmLeWEptgY6s24mXXkiAHry\nplZ40Xlmca9cjPQCSET7IkQyHlYcUsc9orUT3g1PsZ0uOxPQZ1ivB1utn6nyhbSg\n9Az/e/9ai7R++mv4zJ7UDrDzuGPv5SOtyIcfuUyYdbuZO9OrmFsbWCRwG+cVvXJ6\nq6uXlIpcWx4H7key9SiboU/VSXXPQ0E5vv1A72biDgCXhm2kYWEJXSwlLH2jJJo7\nDfujB4+NSnDVp7Qu0aF/YsEiR9JQfGOOrfuNsmOSdK3Bx3p8LkS4Fd9y3H/fCwjI\nEOoXerSgeGjB5E/DtH24HKu1FB5ZniDJP69itCIONokq6BltVZsQRvZxpXQdmvpz\nhTJIkYqnuvrkv2liCc8Dr7P7EK0SBPhwhmcBMcAcPHE8BbOtEkcGzF2f2/p/CQci\nN0c4UhB2p+eSLq+W4qG4W/ZyyUh2oYdvPjPCrziT1qHOR4ilw9fH9b+jCxmAM7Lh\nwqj3yMR9YhUrEBRUUokA/wjggmI88u6I8uQatbf6Keqj1v1CykMKF3AEC5qfxwGz\nhk0YzSh0YK6DfybzNxcZK/skcp0Ga0vD+El/nXFI0WGXB8LsQiOUBgfp1JyAlXT6\nIwzrfQ6EsXE=\n=mofI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Please note that the RDS protocol is blacklisted in Ubuntu by\ndefault. 7.3) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* RHEL7.5 - kernel crashed at xfs_reclaim_inodes_count+0x70/0xa0\n(BZ#1795578)\n\n4. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt]\n(BZ#1772522)\n\n* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)\n\n* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency\nrequirement (BZ#1781157)\n\n* kernel-rt: hard lockup panic in during execution of CFS bandwidth period\ntimer (BZ#1788057)\n\n4. \n\nBug Fix(es):\n\n* [xfstests]: copy_file_range cause corruption on rhel-7 (BZ#1797965)\n\n* port show-kabi to python3 (BZ#1806926)\n\n4. 7.6) - ppc64, ppc64le, x86_64\n\n3. \n\nBug Fix(es):\n\n* [PATCH] perf: Fix a race between ring_buffer_detach() and\nring_buffer_wakeup() (BZ#1772826)\n\n* core: backports from upstream (BZ#1780031)\n\n* Race between tty_open() and flush_to_ldisc() using the\ntty_struct-\u003edriver_data field. (BZ#1780160)\n\n* [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback\nwhen removing a mem cgroup (BZ#1783176)\n\nEnhancement(s):\n\n* Selective backport: perf: Sync with upstream v4.16 (BZ#1782752)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14816"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "PACKETSTORM",
"id": "154948"
},
{
"db": "PACKETSTORM",
"id": "156213"
},
{
"db": "PACKETSTORM",
"id": "156603"
},
{
"db": "PACKETSTORM",
"id": "154897"
},
{
"db": "PACKETSTORM",
"id": "156602"
},
{
"db": "PACKETSTORM",
"id": "156216"
},
{
"db": "PACKETSTORM",
"id": "157140"
},
{
"db": "PACKETSTORM",
"id": "156608"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14816",
"trust": 3.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/08/28/1",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "155212",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "154951",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009588",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "154897",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156216",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157140",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156608",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156020",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0415",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3817",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1172",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4252",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3570",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4346",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0790",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3064",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3897",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3835",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4346.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1248",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154948",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156603",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156602",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "PACKETSTORM",
"id": "154948"
},
{
"db": "PACKETSTORM",
"id": "156213"
},
{
"db": "PACKETSTORM",
"id": "156603"
},
{
"db": "PACKETSTORM",
"id": "154897"
},
{
"db": "PACKETSTORM",
"id": "156602"
},
{
"db": "PACKETSTORM",
"id": "156216"
},
{
"db": "PACKETSTORM",
"id": "157140"
},
{
"db": "PACKETSTORM",
"id": "156608"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"id": "VAR-201909-1526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.25113124
},
"last_update_date": "2024-07-23T20:14:55.872000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings",
"trust": 0.8,
"url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3"
},
{
"title": "Linux Kernel Archives",
"trust": 0.8,
"url": "http://www.kernel.org"
},
{
"title": "Bug 1744149",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14816"
},
{
"title": "CVE-2019-14816",
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-14816"
},
{
"title": "Linux kernel Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=97659"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-120",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.openwall.com/lists/oss-security/2019/08/28/1"
},
{
"trust": 2.8,
"url": "https://access.redhat.com/security/cve/cve-2019-14816"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0374"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14816"
},
{
"trust": 2.2,
"url": "https://usn.ubuntu.com/4157-1/"
},
{
"trust": 2.2,
"url": "https://access.redhat.com/errata/rhsa-2020:0339"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0661"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0653"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0375"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0664"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4163-2/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4162-1/"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2020:0328"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/155212/slackware-security-advisory-slackware-14.2-kernel-updates.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"trust": 1.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o3rudqjxrjqvghcgr4yzwtq3ecbi7txh/"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2020:0204"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4163-1/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4162-2/"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/154951/kernel-live-patch-security-notice-lsn-0058-1.html"
},
{
"trust": 1.6,
"url": "https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14816"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"trust": 1.6,
"url": "https://seclists.org/bugtraq/2019/nov/11"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2020:0174"
},
{
"trust": 1.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t4jz6aeukfwbhqarogmqarj274pqp2qp/"
},
{
"trust": 1.6,
"url": "https://usn.ubuntu.com/4157-2/"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o3rudqjxrjqvghcgr4yzwtq3ecbi7txh/"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t4jz6aeukfwbhqarogmqarj274pqp2qp/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14816"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/errata/rhsa-2020:1347"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1744149"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2020:1353"
},
{
"trust": 0.6,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2020:1266"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html"
},
{
"trust": 0.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192658-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192651-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192424-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192414-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192412-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192648-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156608/red-hat-security-advisory-2020-0664-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-buffer-overflow-via-net-wireless-marvell-mwifiex-30180"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3570/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1248/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0766/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4346/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0415/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4252/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157140/red-hat-security-advisory-2020-1347-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3835/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156020/red-hat-security-advisory-2020-0174-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3817/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0790/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154897/ubuntu-security-notice-usn-4157-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156216/red-hat-security-advisory-2020-0375-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1172/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3897/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3064/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4346.2/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17133"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14895"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17133"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-14895"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15505"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14821"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15902"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14901"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14901"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14898"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17666"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17666"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4162-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15918"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4162-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20976"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1019.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1020.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4157-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.0.0-32.34"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2181"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1024.25"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16714"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1023.24"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14814"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1020.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1021.21"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20856"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "PACKETSTORM",
"id": "154948"
},
{
"db": "PACKETSTORM",
"id": "156213"
},
{
"db": "PACKETSTORM",
"id": "156603"
},
{
"db": "PACKETSTORM",
"id": "154897"
},
{
"db": "PACKETSTORM",
"id": "156602"
},
{
"db": "PACKETSTORM",
"id": "156216"
},
{
"db": "PACKETSTORM",
"id": "157140"
},
{
"db": "PACKETSTORM",
"id": "156608"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"db": "PACKETSTORM",
"id": "154948"
},
{
"db": "PACKETSTORM",
"id": "156213"
},
{
"db": "PACKETSTORM",
"id": "156603"
},
{
"db": "PACKETSTORM",
"id": "154897"
},
{
"db": "PACKETSTORM",
"id": "156602"
},
{
"db": "PACKETSTORM",
"id": "156216"
},
{
"db": "PACKETSTORM",
"id": "157140"
},
{
"db": "PACKETSTORM",
"id": "156608"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176"
},
{
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"date": "2019-10-23T18:28:53",
"db": "PACKETSTORM",
"id": "154948"
},
{
"date": "2020-02-05T18:37:11",
"db": "PACKETSTORM",
"id": "156213"
},
{
"date": "2020-03-03T14:09:01",
"db": "PACKETSTORM",
"id": "156603"
},
{
"date": "2019-10-17T15:18:45",
"db": "PACKETSTORM",
"id": "154897"
},
{
"date": "2020-03-03T14:08:50",
"db": "PACKETSTORM",
"id": "156602"
},
{
"date": "2020-02-05T18:49:35",
"db": "PACKETSTORM",
"id": "156216"
},
{
"date": "2020-04-07T16:41:32",
"db": "PACKETSTORM",
"id": "157140"
},
{
"date": "2020-03-03T16:33:49",
"db": "PACKETSTORM",
"id": "156608"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2176"
},
{
"date": "2019-09-20T19:15:11.767000",
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009588"
},
{
"date": "2023-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2176"
},
{
"date": "2023-07-12T19:27:37.873000",
"db": "NVD",
"id": "CVE-2019-14816"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "154897"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2176"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Kernel Vulnerable to classic buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "156213"
},
{
"db": "PACKETSTORM",
"id": "156603"
},
{
"db": "PACKETSTORM",
"id": "156602"
},
{
"db": "PACKETSTORM",
"id": "156216"
},
{
"db": "PACKETSTORM",
"id": "157140"
},
{
"db": "PACKETSTORM",
"id": "156608"
}
],
"trust": 0.6
}
}
VAR-202010-0251
Vulnerability from variot - Updated: 2024-07-23 20:13In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state.
Bug Fix(es):
-
Gather image registry config (backport to 4.3) (BZ#1836815)
-
Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)
-
Login with OpenShift not working after cluster upgrade (BZ#1852429)
-
Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)
-
[4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)
-
[release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64
The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le
The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc
- Solution:
For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs
Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Bugs fixed (https://bugzilla.redhat.com/):
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
- Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
- Description:
Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks.
The advisory addresses the following issues:
-
Re-release of odo-init-image 1.1.3 for security updates
-
Solution:
Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1832983 - Release of 1.1.3 odo-init-image
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: nss and nss-softokn security update Advisory ID: RHSA-2021:0876-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876 Issue date: 2021-03-16 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007 CVE-2020-12403 ==================================================================== 1. Summary:
An update for nss and nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):
-
nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
-
nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
-
nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS (CVE-2019-17007)
-
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
- Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm
x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm
ppc64: nss-3.36.0-9.el7_6.ppc.rpm nss-3.36.0-9.el7_6.ppc64.rpm nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-devel-3.36.0-9.el7_6.ppc.rpm nss-devel-3.36.0-9.el7_6.ppc64.rpm nss-softokn-3.36.0-7.el7_6.ppc.rpm nss-softokn-3.36.0-7.el7_6.ppc64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm nss-sysinit-3.36.0-9.el7_6.ppc64.rpm nss-tools-3.36.0-9.el7_6.ppc64.rpm
ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm
x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm
aarch64: nss-3.36.0-9.el7_6.aarch64.rpm nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-devel-3.36.0-9.el7_6.aarch64.rpm nss-softokn-3.36.0-7.el7_6.aarch64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm nss-sysinit-3.36.0-9.el7_6.aarch64.rpm nss-tools-3.36.0-9.el7_6.aarch64.rpm
ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64: nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm
ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm
x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm
ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm
s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17007 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5 Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5 5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b 8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16 1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6 BbaFUBBSJpw=m1vv -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "network security services",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.46"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "network security services",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox mx5000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1400",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1500",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1501",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1510",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1511",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1512",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx5000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.14.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.46",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161916"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159552"
}
],
"trust": 0.7
},
"cve": "CVE-2019-17006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-17006",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17006",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17006",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-1134",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-17006",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. \n\nThis advisory is intended to use with container images for Red Hat 3scale\nAPI Management 2.10.0. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. Description:\n\nRed Hat OpenShift Do (odo) is a simple CLI tool for developers to create,\nbuild, and deploy applications on OpenShift. The odo tool is completely\nclient-based and requires no server within the OpenShift cluster for\ndeployment. It detects changes to local code and deploys it to the cluster\nautomatically, giving instant feedback to validate changes in real-time. It\nsupports multiple programming languages and frameworks. \n\nThe advisory addresses the following issues:\n\n* Re-release of odo-init-image 1.1.3 for security updates\n\n3. Solution:\n\nDownload and install a new CLI binary by following the instructions linked\nfrom the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1832983 - Release of 1.1.3 odo-init-image\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: nss and nss-softokn security update\nAdvisory ID: RHSA-2021:0876-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0876\nIssue date: 2021-03-16\nCVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007\n CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss and nss-softokn is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nSecurity Fix(es):\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Handling of Netscape Certificate Sequences in\nCERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n(CVE-2019-17007)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox)\nmust be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nppc64:\nnss-3.36.0-9.el7_6.ppc.rpm\nnss-3.36.0-9.el7_6.ppc64.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-devel-3.36.0-9.el7_6.ppc.rpm\nnss-devel-3.36.0-9.el7_6.ppc64.rpm\nnss-softokn-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64.rpm\nnss-tools-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\naarch64:\nnss-3.36.0-9.el7_6.aarch64.rpm\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-devel-3.36.0-9.el7_6.aarch64.rpm\nnss-softokn-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-sysinit-3.36.0-9.el7_6.aarch64.rpm\nnss-tools-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6):\n\nppc64:\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17007\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP\njCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5\nEm5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J\no0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm\nmttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn\nwLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5\n5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR\niobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b\n8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16\n1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z\nIFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6\nBbaFUBBSJpw=m1vv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161916"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159552"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17006",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-040-04",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-379803",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159661",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159553",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161842",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3535",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2650",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0933",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3461",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1193",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0053",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0834",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2446",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0986",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3631",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1091",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1207",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159396",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161706",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158724",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159497",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155889",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162026",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021043017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-17006",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159552",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161916"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159552"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"id": "VAR-202010-0251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2024-07-23T20:13:10.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210129-0001 Siemens Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
},
{
"title": "Mozilla Network Security Services Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105845"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4231-1"
},
{
"title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203280 - security advisory"
},
{
"title": "IBM: Security Bulletin: A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a91447c5697ecfb6bbab6f4cf67cb949"
},
{
"title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204076 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-4726-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2610caa3eacc40f97585be7c579718bd"
},
{
"title": "Red Hat: Low: OpenShift Virtualization 2.4.2 Images",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204201 - security advisory"
},
{
"title": "IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=52844442ae85845bde006e7f0170408e"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204255 - security advisory"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204254 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
},
{
"title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204264 - security advisory"
},
{
"title": "zot",
"trust": 0.1,
"url": "https://github.com/anuvu/zot "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inadequate verification of data reliability (CWE-345) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 1.7,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4231-1/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/lts/security/2020/dla-2058"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0072/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0834"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0053/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071301"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2650/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2446/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021043017"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3461/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-5313"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18874"
},
{
"trust": 0.2,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14365"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2752"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2181"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2182"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1079"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4254"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161916"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159552"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "PACKETSTORM",
"id": "159661"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159553"
},
{
"db": "PACKETSTORM",
"id": "161916"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159552"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"date": "2021-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"date": "2020-10-21T15:40:32",
"db": "PACKETSTORM",
"id": "159661"
},
{
"date": "2021-04-09T15:06:13",
"db": "PACKETSTORM",
"id": "162142"
},
{
"date": "2021-04-08T14:00:00",
"db": "PACKETSTORM",
"id": "162130"
},
{
"date": "2020-10-14T16:52:18",
"db": "PACKETSTORM",
"id": "159553"
},
{
"date": "2021-03-22T15:36:55",
"db": "PACKETSTORM",
"id": "161916"
},
{
"date": "2021-03-17T14:35:53",
"db": "PACKETSTORM",
"id": "161842"
},
{
"date": "2020-10-14T16:52:12",
"db": "PACKETSTORM",
"id": "159552"
},
{
"date": "2019-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"date": "2020-10-22T21:15:12.560000",
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"date": "2021-05-12T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Network\u00a0Security\u00a0Services\u00a0 Vulnerability for inadequate validation of data reliability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
}
}
VAR-202101-1926
Vulnerability from variot - Updated: 2024-07-23 20:13Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Summary:
Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description:
Red Hat Ansible Automation Platform Resource Operator container images with security fixes.
Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0221-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0221 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary:
An update for sudo is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
- sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: sudo-1.8.23-10.el7_9.1.src.rpm
x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: sudo-1.8.23-10.el7_9.1.src.rpm
x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: sudo-1.8.23-10.el7_9.1.src.rpm
ppc64: sudo-1.8.23-10.el7_9.1.ppc64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm
ppc64le: sudo-1.8.23-10.el7_9.1.ppc64le.rpm sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm
s390x: sudo-1.8.23-10.el7_9.1.s390x.rpm sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm
x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: sudo-debuginfo-1.8.23-10.el7_9.1.ppc.rpm sudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm sudo-devel-1.8.23-10.el7_9.1.ppc.rpm sudo-devel-1.8.23-10.el7_9.1.ppc64.rpm
ppc64le: sudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm sudo-devel-1.8.23-10.el7_9.1.ppc64le.rpm
s390x: sudo-debuginfo-1.8.23-10.el7_9.1.s390.rpm sudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm sudo-devel-1.8.23-10.el7_9.1.s390.rpm sudo-devel-1.8.23-10.el7_9.1.s390x.rpm
x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: sudo-1.8.23-10.el7_9.1.src.rpm
x86_64: sudo-1.8.23-10.el7_9.1.x86_64.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: sudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm sudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm sudo-devel-1.8.23-10.el7_9.1.i686.rpm sudo-devel-1.8.23-10.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBB9QtzjgjWX9erEAQjMkQ/+PUDUX16Tnzqt7l1CsDAkHsT89EyY1keR 5XAlnrEv0nfw+/Feb2zhjlAlGbZSE1pTHOB4WarZzz2edZW5PRDw2SnljPToGoF2 6e4rlxRMJzFzc1WiOl5VgIq2LsOrqE1x3smwx7UGloMNmld/wgNKzFyddlR3ya0/ k78GAgUD2K/riILpeSG9M3jkK6IX/ecAOV8cK4GnmVAyrc/I0ud+wp+AFaQdKOUd DJ08C4ktxCEDZnCMV7X0fheoVB08T2VUPqM3AT0mP8Q07RWElFNAYYzS0/0ABGdd G/bRXDOiP0Qp92gMjWi4zu8JJk1Yyt8vnXII30gr2dd4f/8O0X6N+fntkhpc86N0 mdXrPNBDXC6YJqahqtTH3ZMNWj37kSX5O0QIxRMMySIuPEhLdkF0A4CBGcP1qpaN BQf/nNAvYlkz70QTL91JkUL98X0Ih+O6IAPxT//C90VXwXTb2+XmBBYjA24/gHJn kpv9ZzJfeCSCVoa019u3r/8pkMIfiN69GpO2FQTJCP4MbIJPHeANp2lYEA+KHPqE XJvy0qh3YEs741KxKwzbaMgOTrYsoMvKhVeJZm0t5bpU5Y5TTF9fCVan8uJ8ke6d buQej1iyBUvPq+gMQvJhwiP1Q2rvgxPmHP+L3Awo9tTqm6b7WsqdRq5K+B025v+d NdZXKIPEQVY=7/vM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Bug Fix(es):
- When performing an upgrade of the Red Hat Virtualization Host using the
command
yum update, the yum repository for RHV 4.3 EUS is unreachable
As a workaround, run the following command:
# yum update --releasever=7Server (BZ#1899378)
- Bugs fixed (https://bugzilla.redhat.com/):
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1899378 - rhel-7-server-rhvh-4.3-eus-rpms repo is unavailable 1916111 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #3 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing
- ========================================================================== Ubuntu Security Notice USN-4705-2 January 27, 2021
sudo vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: sudo 1.8.9p5-1ubuntu1.5+esm6
Ubuntu 12.04 ESM: sudo 1.8.3p1-1ubuntu3.10
In general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-1926",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap tools",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "9"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "micros workstation 6",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "610"
},
{
"model": "micros workstation 6",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "655"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.3.1"
},
{
"model": "sudo",
"scope": "eq",
"trust": 1.0,
"vendor": "sudo",
"version": "1.9.5"
},
{
"model": "micros compact workstation 3",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "310"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.17"
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "privilege management for mac",
"scope": "lt",
"trust": 1.0,
"vendor": "beyondtrust",
"version": "21.1.1"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.1.0"
},
{
"model": "micros workstation 5a",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5a"
},
{
"model": "sudo",
"scope": "gte",
"trust": 1.0,
"vendor": "sudo",
"version": "1.9.0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "privilege management for unix\\/linux",
"scope": "lt",
"trust": 1.0,
"vendor": "beyondtrust",
"version": "10.3.2-10"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "diskstation manager unified controller",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.0"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.2.1"
},
{
"model": "micros es400",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "400"
},
{
"model": "sudo",
"scope": "lt",
"trust": 1.0,
"vendor": "sudo",
"version": "1.9.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.0.0"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.8"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "micros es400",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "410"
},
{
"model": "micros kitchen display system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "210"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sudo",
"scope": "gte",
"trust": 1.0,
"vendor": "sudo",
"version": "1.8.2"
},
{
"model": "sudo",
"scope": "lt",
"trust": 1.0,
"vendor": "sudo",
"version": "1.8.32"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.0.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.9.5",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.32",
"versionStartIncluding": "1.8.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:beyondtrust:privilege_management_for_unix\\/linux:*:*:*:*:basic:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.3.2-10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:micros_compact_workstation_3_firmware:310:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:micros_compact_workstation_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:micros_es400_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "410",
"versionStartIncluding": "400",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:micros_es400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:micros_kitchen_display_system_firmware:210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:micros_kitchen_display_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:micros_workstation_5a_firmware:5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:micros_workstation_5a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:micros_workstation_6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "655",
"versionStartIncluding": "610",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:micros_workstation_6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.7.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.4.0.3.1",
"versionStartIncluding": "10.4.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.3.0.2.1",
"versionStartIncluding": "10.3.0.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161139"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "161143"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161138"
}
],
"trust": 0.5
},
"cve": "CVE-2021-3156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-383931",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-3156",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-383931",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-383931"
},
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character. Summary:\n\nRed Hat Ansible Automation Platform Resource Operator 1.2 (technical\npreview) images that fix several security issues. Description:\n\nRed Hat Ansible Automation Platform Resource Operator container images\nwith security fixes. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: sudo security update\nAdvisory ID: RHSA-2021:0221-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0221\nIssue date: 2021-01-26\nCVE Names: CVE-2021-3156\n====================================================================\n1. Summary:\n\nAn update for sudo is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes, without\nhaving to log in as root. \n\nSecurity Fix(es):\n\n* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nsudo-1.8.23-10.el7_9.1.src.rpm\n\nx86_64:\nsudo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nsudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-devel-1.8.23-10.el7_9.1.i686.rpm\nsudo-devel-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nsudo-1.8.23-10.el7_9.1.src.rpm\n\nx86_64:\nsudo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nsudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-devel-1.8.23-10.el7_9.1.i686.rpm\nsudo-devel-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsudo-1.8.23-10.el7_9.1.src.rpm\n\nppc64:\nsudo-1.8.23-10.el7_9.1.ppc64.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm\n\nppc64le:\nsudo-1.8.23-10.el7_9.1.ppc64le.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm\n\ns390x:\nsudo-1.8.23-10.el7_9.1.s390x.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm\n\nx86_64:\nsudo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsudo-debuginfo-1.8.23-10.el7_9.1.ppc.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.ppc64.rpm\nsudo-devel-1.8.23-10.el7_9.1.ppc.rpm\nsudo-devel-1.8.23-10.el7_9.1.ppc64.rpm\n\nppc64le:\nsudo-debuginfo-1.8.23-10.el7_9.1.ppc64le.rpm\nsudo-devel-1.8.23-10.el7_9.1.ppc64le.rpm\n\ns390x:\nsudo-debuginfo-1.8.23-10.el7_9.1.s390.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.s390x.rpm\nsudo-devel-1.8.23-10.el7_9.1.s390.rpm\nsudo-devel-1.8.23-10.el7_9.1.s390x.rpm\n\nx86_64:\nsudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-devel-1.8.23-10.el7_9.1.i686.rpm\nsudo-devel-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsudo-1.8.23-10.el7_9.1.src.rpm\n\nx86_64:\nsudo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsudo-debuginfo-1.8.23-10.el7_9.1.i686.rpm\nsudo-debuginfo-1.8.23-10.el7_9.1.x86_64.rpm\nsudo-devel-1.8.23-10.el7_9.1.i686.rpm\nsudo-devel-1.8.23-10.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3156\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-002\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBB9QtzjgjWX9erEAQjMkQ/+PUDUX16Tnzqt7l1CsDAkHsT89EyY1keR\n5XAlnrEv0nfw+/Feb2zhjlAlGbZSE1pTHOB4WarZzz2edZW5PRDw2SnljPToGoF2\n6e4rlxRMJzFzc1WiOl5VgIq2LsOrqE1x3smwx7UGloMNmld/wgNKzFyddlR3ya0/\nk78GAgUD2K/riILpeSG9M3jkK6IX/ecAOV8cK4GnmVAyrc/I0ud+wp+AFaQdKOUd\nDJ08C4ktxCEDZnCMV7X0fheoVB08T2VUPqM3AT0mP8Q07RWElFNAYYzS0/0ABGdd\nG/bRXDOiP0Qp92gMjWi4zu8JJk1Yyt8vnXII30gr2dd4f/8O0X6N+fntkhpc86N0\nmdXrPNBDXC6YJqahqtTH3ZMNWj37kSX5O0QIxRMMySIuPEhLdkF0A4CBGcP1qpaN\nBQf/nNAvYlkz70QTL91JkUL98X0Ih+O6IAPxT//C90VXwXTb2+XmBBYjA24/gHJn\nkpv9ZzJfeCSCVoa019u3r/8pkMIfiN69GpO2FQTJCP4MbIJPHeANp2lYEA+KHPqE\nXJvy0qh3YEs741KxKwzbaMgOTrYsoMvKhVeJZm0t5bpU5Y5TTF9fCVan8uJ8ke6d\nbuQej1iyBUvPq+gMQvJhwiP1Q2rvgxPmHP+L3Awo9tTqm6b7WsqdRq5K+B025v+d\nNdZXKIPEQVY=7/vM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. These packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand performing administrative tasks. \n\nBug Fix(es):\n\n* When performing an upgrade of the Red Hat Virtualization Host using the\ncommand `yum update`, the yum repository for RHV 4.3 EUS is unreachable\n\nAs a workaround, run the following command:\n`# yum update --releasever=7Server` (BZ#1899378)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n1899378 - rhel-7-server-rhvh-4.3-eus-rpms repo is unavailable\n1916111 - Rebase RHV-H 4.3 EUS on RHEL 7.9.z #3\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n\n6. ==========================================================================\nUbuntu Security Notice USN-4705-2\nJanuary 27, 2021\n\nsudo vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Sudo. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Sudo incorrectly handled memory when parsing command\n lines. A local attacker could possibly use this issue to obtain unintended\n access to the administrator account. (CVE-2021-3156)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n sudo 1.8.9p5-1ubuntu1.5+esm6\n\nUbuntu 12.04 ESM:\n sudo 1.8.3p1-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3156"
},
{
"db": "VULHUB",
"id": "VHN-383931"
},
{
"db": "PACKETSTORM",
"id": "161139"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "161143"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161163"
},
{
"db": "PACKETSTORM",
"id": "161138"
}
],
"trust": 1.53
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-383931",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-383931"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3156",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161230",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "161160",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "161270",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "161293",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10348",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/01/27/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/01/26/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/02/15/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/01/27/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/14/2",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#794544",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2024/01/30/8",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2024/01/30/6",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "176932",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "161163",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161143",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161138",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161272",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161139",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161152",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161140",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161142",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161398",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161281",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161137",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161145",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99117",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-383931",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-383931"
},
{
"db": "PACKETSTORM",
"id": "161139"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "161143"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161163"
},
{
"db": "PACKETSTORM",
"id": "161138"
},
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"id": "VAR-202101-1926",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-383931"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:13:02.874000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-193",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-383931"
},
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sudo-privesc-jan2021-qnyqfcm"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212177"
},
{
"trust": 1.1,
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"trust": 1.1,
"url": "https://www.synology.com/security/advisory/synology_sa_21_02"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/jan/79"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/feb/42"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/161160/sudo-heap-based-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/161230/sudo-buffer-overflow-privilege-escalation.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/161270/sudo-1.9.5p1-buffer-overflow-privilege-escalation.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/161293/sudo-1.8.31p2-1.9.5p1-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-heap-based-buffer-overflow.html"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/feb/3"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10348"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-002"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10348"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0225"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0395"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4705-2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4705-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0218"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-383931"
},
{
"db": "PACKETSTORM",
"id": "161139"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "161143"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161163"
},
{
"db": "PACKETSTORM",
"id": "161138"
},
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-383931"
},
{
"db": "PACKETSTORM",
"id": "161139"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "161143"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161163"
},
{
"db": "PACKETSTORM",
"id": "161138"
},
{
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-383931"
},
{
"date": "2021-01-27T14:06:12",
"db": "PACKETSTORM",
"id": "161139"
},
{
"date": "2021-04-09T15:06:13",
"db": "PACKETSTORM",
"id": "162142"
},
{
"date": "2021-01-27T14:06:46",
"db": "PACKETSTORM",
"id": "161143"
},
{
"date": "2021-02-03T16:22:29",
"db": "PACKETSTORM",
"id": "161272"
},
{
"date": "2021-01-28T13:59:34",
"db": "PACKETSTORM",
"id": "161163"
},
{
"date": "2021-01-27T14:06:02",
"db": "PACKETSTORM",
"id": "161138"
},
{
"date": "2021-01-26T21:15:12.987000",
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-383931"
},
{
"date": "2024-07-09T18:27:53.967000",
"db": "NVD",
"id": "CVE-2021-3156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "161163"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-0225-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "161139"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, root",
"sources": [
{
"db": "PACKETSTORM",
"id": "161139"
},
{
"db": "PACKETSTORM",
"id": "161143"
},
{
"db": "PACKETSTORM",
"id": "161138"
}
],
"trust": 0.3
}
}
VAR-201909-0695
Vulnerability from variot - Updated: 2024-07-23 20:01A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. 6.5) - x86_64
- (CVE-2019-14835)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. (CVE-2019-15031)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: linux-image-5.0.0-1016-aws 5.0.0-1016.18 linux-image-5.0.0-1017-gcp 5.0.0-1017.17 linux-image-5.0.0-1017-kvm 5.0.0-1017.18 linux-image-5.0.0-1017-raspi2 5.0.0-1017.17 linux-image-5.0.0-1020-azure 5.0.0-1020.21 linux-image-5.0.0-1021-snapdragon 5.0.0-1021.22 linux-image-5.0.0-29-generic 5.0.0-29.31 linux-image-5.0.0-29-generic-lpae 5.0.0-29.31 linux-image-5.0.0-29-lowlatency 5.0.0-29.31 linux-image-aws 5.0.0.1016.17 linux-image-azure 5.0.0.1020.19 linux-image-gcp 5.0.0.1017.43 linux-image-generic 5.0.0.29.30 linux-image-generic-lpae 5.0.0.29.30 linux-image-gke 5.0.0.1017.43 linux-image-kvm 5.0.0.1017.17 linux-image-lowlatency 5.0.0.29.30 linux-image-raspi2 5.0.0.1017.14 linux-image-snapdragon 5.0.0.1021.14 linux-image-virtual 5.0.0.29.30
Ubuntu 18.04 LTS: linux-image-4.15.0-1025-oracle 4.15.0-1025.28 linux-image-4.15.0-1044-gcp 4.15.0-1044.70 linux-image-4.15.0-1044-gke 4.15.0-1044.46 linux-image-4.15.0-1046-kvm 4.15.0-1046.46 linux-image-4.15.0-1047-raspi2 4.15.0-1047.51 linux-image-4.15.0-1050-aws 4.15.0-1050.52 linux-image-4.15.0-1056-oem 4.15.0-1056.65 linux-image-4.15.0-1064-snapdragon 4.15.0-1064.71 linux-image-4.15.0-64-generic 4.15.0-64.73 linux-image-4.15.0-64-generic-lpae 4.15.0-64.73 linux-image-4.15.0-64-lowlatency 4.15.0-64.73 linux-image-5.0.0-1017-gke 5.0.0-1017.17~18.04.1 linux-image-5.0.0-1020-azure 5.0.0-1020.21~18.04.1 linux-image-5.0.0-29-generic 5.0.0-29.31~18.04.1 linux-image-5.0.0-29-generic-lpae 5.0.0-29.31~18.04.1 linux-image-5.0.0-29-lowlatency 5.0.0-29.31~18.04.1 linux-image-aws 4.15.0.1050.49 linux-image-azure 5.0.0.1020.30 linux-image-gcp 4.15.0.1044.70 linux-image-generic 4.15.0.64.66 linux-image-generic-hwe-18.04 5.0.0.29.86 linux-image-generic-lpae 4.15.0.64.66 linux-image-generic-lpae-hwe-18.04 5.0.0.29.86 linux-image-gke 4.15.0.1044.47 linux-image-gke-4.15 4.15.0.1044.47 linux-image-gke-5.0 5.0.0.1017.7 linux-image-kvm 4.15.0.1046.46 linux-image-lowlatency 4.15.0.64.66 linux-image-lowlatency-hwe-18.04 5.0.0.29.86 linux-image-oem 4.15.0.1056.60 linux-image-oracle 4.15.0.1025.28 linux-image-powerpc-e500mc 4.15.0.64.66 linux-image-powerpc-smp 4.15.0.64.66 linux-image-powerpc64-emb 4.15.0.64.66 linux-image-powerpc64-smp 4.15.0.64.66 linux-image-raspi2 4.15.0.1047.45 linux-image-snapdragon 4.15.0.1064.67 linux-image-snapdragon-hwe-18.04 5.0.0.29.86 linux-image-virtual 4.15.0.64.66 linux-image-virtual-hwe-18.04 5.0.0.29.86
Ubuntu 16.04 LTS: linux-image-4.15.0-1025-oracle 4.15.0-1025.28~16.04.1 linux-image-4.15.0-1044-gcp 4.15.0-1044.46 linux-image-4.15.0-1050-aws 4.15.0-1050.52~16.04.1 linux-image-4.15.0-1059-azure 4.15.0-1059.64 linux-image-4.15.0-64-generic 4.15.0-64.73~16.04.1 linux-image-4.15.0-64-generic-lpae 4.15.0-64.73~16.04.1 linux-image-4.15.0-64-lowlatency 4.15.0-64.73~16.04.1 linux-image-4.4.0-1058-kvm 4.4.0-1058.65 linux-image-4.4.0-1094-aws 4.4.0-1094.105 linux-image-4.4.0-1122-raspi2 4.4.0-1122.131 linux-image-4.4.0-1126-snapdragon 4.4.0-1126.132 linux-image-4.4.0-164-generic 4.4.0-164.192 linux-image-4.4.0-164-generic-lpae 4.4.0-164.192 linux-image-4.4.0-164-lowlatency 4.4.0-164.192 linux-image-4.4.0-164-powerpc-e500mc 4.4.0-164.192 linux-image-4.4.0-164-powerpc-smp 4.4.0-164.192 linux-image-4.4.0-164-powerpc64-emb 4.4.0-164.192 linux-image-4.4.0-164-powerpc64-smp 4.4.0-164.192 linux-image-aws 4.4.0.1094.98 linux-image-aws-hwe 4.15.0.1050.50 linux-image-azure 4.15.0.1059.62 linux-image-gcp 4.15.0.1044.58 linux-image-generic 4.4.0.164.172 linux-image-generic-hwe-16.04 4.15.0.64.84 linux-image-generic-lpae 4.4.0.164.172 linux-image-generic-lpae-hwe-16.04 4.15.0.64.84 linux-image-gke 4.15.0.1044.58 linux-image-kvm 4.4.0.1058.58 linux-image-lowlatency 4.4.0.164.172 linux-image-lowlatency-hwe-16.04 4.15.0.64.84 linux-image-oem 4.15.0.64.84 linux-image-oracle 4.15.0.1025.18 linux-image-powerpc-e500mc 4.4.0.164.172 linux-image-powerpc-smp 4.4.0.164.172 linux-image-powerpc64-emb 4.4.0.164.172 linux-image-powerpc64-smp 4.4.0.164.172 linux-image-raspi2 4.4.0.1122.122 linux-image-snapdragon 4.4.0.1126.118 linux-image-virtual 4.4.0.164.172 linux-image-virtual-hwe-16.04 4.15.0.64.84
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. ========================================================================== Kernel Live Patch Security Notice 0058-1 October 22, 2019
linux vulnerability
A security issue affects these releases of Ubuntu:
| Series | Base kernel | Arch | flavors | |------------------+--------------+----------+------------------| | Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency | | Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem | | Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic | | Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency |
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux: Linux kernel
Details:
It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2016-10905)
It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856)
It was discovered that the USB gadget Midi driver in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-20961)
It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976)
It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008)
It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)
It was discovered that the Linux kernel on ARM processors allowed a tracing process to modify a syscall after a seccomp decision had been made on that syscall. A local attacker could possibly use this to bypass seccomp restrictions. (CVE-2019-2054)
It was discovered that an integer overflow existed in the Binder implementation of the Linux kernel, leading to a buffer overflow. A local attacker could use this to escalate privileges. (CVE-2019-2181)
It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)
It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)
It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)
Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477)
Jonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478)
It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)
It was discovered that the PowerPC dlpar implementation in the Linux kernel did not properly check for allocation errors in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-12614)
It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)
It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)
Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814)
Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14815)
Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14816)
Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821)
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. (CVE-2019-14835)
Update instructions:
The problem can be corrected by updating your livepatches to the following versions:
| Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-148.174 | 58.1 | lowlatency, generic | | 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-150.176 | 58.1 | generic, lowlatency | | 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-151.178 | 58.1 | lowlatency, generic | | 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-154.181 | 58.1 | lowlatency, generic | | 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-157.185 | 58.1 | lowlatency, generic | | 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-159.187 | 58.1 | lowlatency, generic | | 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency | | 4.4.0-161.189 | 58.1 | lowlatency, generic | | 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-164.192 | 58.1 | lowlatency, generic | | 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic | | 4.4.0-165.193 | 58.1 | generic, lowlatency | | 4.4.0-1083.93 | 58.1 | aws | | 4.4.0-1084.94 | 58.1 | aws | | 4.4.0-1085.96 | 58.1 | aws | | 4.4.0-1087.98 | 58.1 | aws | | 4.4.0-1088.99 | 58.1 | aws | | 4.4.0-1090.101 | 58.1 | aws | | 4.4.0-1092.103 | 58.1 | aws | | 4.4.0-1094.105 | 58.1 | aws | | 4.15.0-50.54 | 58.1 | generic, lowlatency | | 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-51.55 | 58.1 | generic, lowlatency | | 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-52.56 | 58.1 | lowlatency, generic | | 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-54.58 | 58.1 | generic, lowlatency | | 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-55.60 | 58.1 | generic, lowlatency | | 4.15.0-58.64 | 58.1 | generic, lowlatency | | 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-60.67 | 58.1 | lowlatency, generic | | 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency | | 4.15.0-62.69 | 58.1 | generic, lowlatency | | 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-64.73 | 58.1 | generic, lowlatency | | 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic | | 4.15.0-65.74 | 58.1 | lowlatency, generic | | 4.15.0-1038.43 | 58.1 | oem | | 4.15.0-1039.41 | 58.1 | aws | | 4.15.0-1039.44 | 58.1 | oem | | 4.15.0-1040.42 | 58.1 | aws | | 4.15.0-1041.43 | 58.1 | aws | | 4.15.0-1043.45 | 58.1 | aws | | 4.15.0-1043.48 | 58.1 | oem | | 4.15.0-1044.46 | 58.1 | aws | | 4.15.0-1045.47 | 58.1 | aws | | 4.15.0-1045.50 | 58.1 | oem | | 4.15.0-1047.49 | 58.1 | aws | | 4.15.0-1047.51 | 58.1 | azure | | 4.15.0-1048.50 | 58.1 | aws | | 4.15.0-1049.54 | 58.1 | azure | | 4.15.0-1050.52 | 58.1 | aws | | 4.15.0-1050.55 | 58.1 | azure | | 4.15.0-1050.57 | 58.1 | oem | | 4.15.0-1051.53 | 58.1 | aws | | 4.15.0-1051.56 | 58.1 | azure | | 4.15.0-1052.57 | 58.1 | azure | | 4.15.0-1055.60 | 58.1 | azure | | 4.15.0-1056.61 | 58.1 | azure | | 4.15.0-1056.65 | 58.1 | oem | | 4.15.0-1057.62 | 58.1 | azure | | 4.15.0-1057.66 | 58.1 | oem | | 4.15.0-1059.64 | 58.1 | azure | | 5.0.0-1014.14~18.04.1 | 58.1 | azure | | 5.0.0-1016.17~18.04.1 | 58.1 | azure | | 5.0.0-1018.19~18.04.1 | 58.1 | azure | | 5.0.0-1020.21~18.04.1 | 58.1 | azure |
Support Information:
Kernels older than the levels listed below do not receive livepatch updates. Please upgrade your kernel as soon as possible.
| Series | Version | Flavors | |------------------+------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1039 | aws | | Ubuntu 16.04 LTS | 4.4.0-1083 | aws | | Ubuntu 18.04 LTS | 5.0.0-1000 | azure | | Ubuntu 16.04 LTS | 4.15.0-1047 | azure | | Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1038 | oem | | Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency |
References: CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14821, CVE-2019-14835
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce .
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.199/: Upgraded. These updates fix various bugs and security issues. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 ( Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz
MD5 signatures: +-------------+
Slackware 14.2 packages:
0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz ee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz a8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz cd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz 842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz 257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz 96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz 0673e86466f9e624964d95107cf6712f kernel-source-4.4.199_smp-noarch-1.txz
Slackware x86_64 14.2 packages: 6d1ff428e7cad6caa8860acc402447a1 kernel-generic-4.4.199-x86_64-1.txz dadc091dc725b8227e0d1e35098d6416 kernel-headers-4.4.199-x86-1.txz f5f4c034203f44dd1513ad3504c42515 kernel-huge-4.4.199-x86_64-1.txz a5337cd8b2ca80d4d93b9e9688e42b03 kernel-modules-4.4.199-x86_64-1.txz 5dd6e46c04f37b97062dc9e52cc38add kernel-source-4.4.199-noarch-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash
Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.199-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.199 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. 7) - aarch64, noarch, ppc64le
- These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update Advisory ID: RHSA-2019:2867-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2867 Issue date: 2019-09-23 CVE Names: CVE-2019-14835 ==================================================================== 1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64
-
(CVE-2019-14835)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: kernel-3.10.0-693.59.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm kernel-doc-3.10.0-693.59.1.el7.noarch.rpm
x86_64: kernel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm perf-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: kernel-3.10.0-693.59.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm kernel-doc-3.10.0-693.59.1.el7.noarch.rpm
ppc64le: kernel-3.10.0-693.59.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debug-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm kernel-devel-3.10.0-693.59.1.el7.ppc64le.rpm kernel-headers-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.59.1.el7.ppc64le.rpm perf-3.10.0-693.59.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm python-perf-3.10.0-693.59.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
x86_64: kernel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm perf-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: kernel-3.10.0-693.59.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm kernel-doc-3.10.0-693.59.1.el7.noarch.rpm
x86_64: kernel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-devel-3.10.0-693.59.1.el7.x86_64.rpm kernel-headers-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm perf-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le: kernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm
x86_64: kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.4):
x86_64: kernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-14835 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/kernel-vhost
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXYi86tzjgjWX9erEAQi1YA//SFbLNTK8xgMJM4UXWUDM7d1LMS/f79kZ C+qG3/+OUqyltICprPUpLQOslAaLgY1C1slkqkxXXgNtfB4rBnE2gkDtSnqe0a7K 60JapVVCpXuJnGozoFusUPgSvy7DM3RJ+xcz4SS6fNIuRGq1bDjOd4E3tcQwk1rh hqqPwPmY1uJK2y6UWiyF9Q2Dvug5mO2ZKqxgwuZPQyRXg14BVxDfXIY6+8SuuL3j YLVmCNqpErcoqeIaUAXUbGyATrUwni8J1RY4Q5lNDMq8u31Xlu/CSaEqU5OxtkeB RvfAuFebnJkUo+YkzouWWKF+eTEhpqxXnPZq2KM8zStGmRpVmreg16THa6CSpi81 HDcsTNKFHsA3QWHosxramg1Z/RYSD+goD0lvnfEVvO4jaUW2f59q2PEu4riM897f L21luddDijVBYmzAngkrhKR0kiADLmU+p67nZ9EyNrR95XYaaJ6GRb5vSXBEgiXt vJJn8GuJAI5h13MzO5rAua82xTHxiQc28s5KCbCJFcp3DZo72mDIVE6MfGb1By5e T1IN17xPN7yVoy/c8WZ89unoNZNXMsTBhcWNNlXsXknALVaYi5i4AtWx3mOLP2gk c1Z7F9XG8niCTGSLvBs5gSAfjSFNB6YiU6NzX9Zlxb4/hr3HE20S+w3AGnvD2f05 hz6LDDCc4xc=hk2d -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0695",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.193"
},
{
"model": "aff a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "manageone",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "6.5.1rc1.b060"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "imanager neteco",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v600r009c10spc200"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.9"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.144"
},
{
"model": "manageone",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "6.5.rc2.b050"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": "5.3"
},
{
"model": "h610s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.16.74"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "imanager neteco 6000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v600r008c10spc300"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "imanager neteco",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v600r009c00"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.14"
},
{
"model": "data availability services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.19"
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "manageone",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "6.5.1rc1.b080"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.193"
},
{
"model": "imanager neteco 6000",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "v600r008c20"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"model": "manageone",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "6.5.0.spc100.b210"
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "manageone",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "6.5.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.2.15"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "2.6.34"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.73"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.15",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.19.73",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.16.74",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.144",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.193",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.193",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:aff_a700s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700e:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:_steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:huawei:manageone:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r008c10spc300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r008c20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:imanager_neteco:v600r009c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:imanager_neteco:v600r009c10spc200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:manageone:6.5.0.spc100.b210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:manageone:6.5.1rc1.b060:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:manageone:6.5.1rc1.b080:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:huawei:manageone:6.5.rc2.b050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "154602"
},
{
"db": "PACKETSTORM",
"id": "154562"
},
{
"db": "PACKETSTORM",
"id": "154659"
},
{
"db": "PACKETSTORM",
"id": "154570"
},
{
"db": "PACKETSTORM",
"id": "154540"
}
],
"trust": 0.5
},
"cve": "CVE-2019-14835",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-146821",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-14835",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-14835",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-146821",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146821"
},
{
"db": "NVD",
"id": "CVE-2019-14835"
},
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel\u0027s vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. 6.5) - x86_64\n\n3. \n(CVE-2019-14835)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. (CVE-2019-15031)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n linux-image-5.0.0-1016-aws 5.0.0-1016.18\n linux-image-5.0.0-1017-gcp 5.0.0-1017.17\n linux-image-5.0.0-1017-kvm 5.0.0-1017.18\n linux-image-5.0.0-1017-raspi2 5.0.0-1017.17\n linux-image-5.0.0-1020-azure 5.0.0-1020.21\n linux-image-5.0.0-1021-snapdragon 5.0.0-1021.22\n linux-image-5.0.0-29-generic 5.0.0-29.31\n linux-image-5.0.0-29-generic-lpae 5.0.0-29.31\n linux-image-5.0.0-29-lowlatency 5.0.0-29.31\n linux-image-aws 5.0.0.1016.17\n linux-image-azure 5.0.0.1020.19\n linux-image-gcp 5.0.0.1017.43\n linux-image-generic 5.0.0.29.30\n linux-image-generic-lpae 5.0.0.29.30\n linux-image-gke 5.0.0.1017.43\n linux-image-kvm 5.0.0.1017.17\n linux-image-lowlatency 5.0.0.29.30\n linux-image-raspi2 5.0.0.1017.14\n linux-image-snapdragon 5.0.0.1021.14\n linux-image-virtual 5.0.0.29.30\n\nUbuntu 18.04 LTS:\n linux-image-4.15.0-1025-oracle 4.15.0-1025.28\n linux-image-4.15.0-1044-gcp 4.15.0-1044.70\n linux-image-4.15.0-1044-gke 4.15.0-1044.46\n linux-image-4.15.0-1046-kvm 4.15.0-1046.46\n linux-image-4.15.0-1047-raspi2 4.15.0-1047.51\n linux-image-4.15.0-1050-aws 4.15.0-1050.52\n linux-image-4.15.0-1056-oem 4.15.0-1056.65\n linux-image-4.15.0-1064-snapdragon 4.15.0-1064.71\n linux-image-4.15.0-64-generic 4.15.0-64.73\n linux-image-4.15.0-64-generic-lpae 4.15.0-64.73\n linux-image-4.15.0-64-lowlatency 4.15.0-64.73\n linux-image-5.0.0-1017-gke 5.0.0-1017.17~18.04.1\n linux-image-5.0.0-1020-azure 5.0.0-1020.21~18.04.1\n linux-image-5.0.0-29-generic 5.0.0-29.31~18.04.1\n linux-image-5.0.0-29-generic-lpae 5.0.0-29.31~18.04.1\n linux-image-5.0.0-29-lowlatency 5.0.0-29.31~18.04.1\n linux-image-aws 4.15.0.1050.49\n linux-image-azure 5.0.0.1020.30\n linux-image-gcp 4.15.0.1044.70\n linux-image-generic 4.15.0.64.66\n linux-image-generic-hwe-18.04 5.0.0.29.86\n linux-image-generic-lpae 4.15.0.64.66\n linux-image-generic-lpae-hwe-18.04 5.0.0.29.86\n linux-image-gke 4.15.0.1044.47\n linux-image-gke-4.15 4.15.0.1044.47\n linux-image-gke-5.0 5.0.0.1017.7\n linux-image-kvm 4.15.0.1046.46\n linux-image-lowlatency 4.15.0.64.66\n linux-image-lowlatency-hwe-18.04 5.0.0.29.86\n linux-image-oem 4.15.0.1056.60\n linux-image-oracle 4.15.0.1025.28\n linux-image-powerpc-e500mc 4.15.0.64.66\n linux-image-powerpc-smp 4.15.0.64.66\n linux-image-powerpc64-emb 4.15.0.64.66\n linux-image-powerpc64-smp 4.15.0.64.66\n linux-image-raspi2 4.15.0.1047.45\n linux-image-snapdragon 4.15.0.1064.67\n linux-image-snapdragon-hwe-18.04 5.0.0.29.86\n linux-image-virtual 4.15.0.64.66\n linux-image-virtual-hwe-18.04 5.0.0.29.86\n\nUbuntu 16.04 LTS:\n linux-image-4.15.0-1025-oracle 4.15.0-1025.28~16.04.1\n linux-image-4.15.0-1044-gcp 4.15.0-1044.46\n linux-image-4.15.0-1050-aws 4.15.0-1050.52~16.04.1\n linux-image-4.15.0-1059-azure 4.15.0-1059.64\n linux-image-4.15.0-64-generic 4.15.0-64.73~16.04.1\n linux-image-4.15.0-64-generic-lpae 4.15.0-64.73~16.04.1\n linux-image-4.15.0-64-lowlatency 4.15.0-64.73~16.04.1\n linux-image-4.4.0-1058-kvm 4.4.0-1058.65\n linux-image-4.4.0-1094-aws 4.4.0-1094.105\n linux-image-4.4.0-1122-raspi2 4.4.0-1122.131\n linux-image-4.4.0-1126-snapdragon 4.4.0-1126.132\n linux-image-4.4.0-164-generic 4.4.0-164.192\n linux-image-4.4.0-164-generic-lpae 4.4.0-164.192\n linux-image-4.4.0-164-lowlatency 4.4.0-164.192\n linux-image-4.4.0-164-powerpc-e500mc 4.4.0-164.192\n linux-image-4.4.0-164-powerpc-smp 4.4.0-164.192\n linux-image-4.4.0-164-powerpc64-emb 4.4.0-164.192\n linux-image-4.4.0-164-powerpc64-smp 4.4.0-164.192\n linux-image-aws 4.4.0.1094.98\n linux-image-aws-hwe 4.15.0.1050.50\n linux-image-azure 4.15.0.1059.62\n linux-image-gcp 4.15.0.1044.58\n linux-image-generic 4.4.0.164.172\n linux-image-generic-hwe-16.04 4.15.0.64.84\n linux-image-generic-lpae 4.4.0.164.172\n linux-image-generic-lpae-hwe-16.04 4.15.0.64.84\n linux-image-gke 4.15.0.1044.58\n linux-image-kvm 4.4.0.1058.58\n linux-image-lowlatency 4.4.0.164.172\n linux-image-lowlatency-hwe-16.04 4.15.0.64.84\n linux-image-oem 4.15.0.64.84\n linux-image-oracle 4.15.0.1025.18\n linux-image-powerpc-e500mc 4.4.0.164.172\n linux-image-powerpc-smp 4.4.0.164.172\n linux-image-powerpc64-emb 4.4.0.164.172\n linux-image-powerpc64-smp 4.4.0.164.172\n linux-image-raspi2 4.4.0.1122.122\n linux-image-snapdragon 4.4.0.1126.118\n linux-image-virtual 4.4.0.164.172\n linux-image-virtual-hwe-16.04 4.15.0.64.84\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. ==========================================================================\nKernel Live Patch Security Notice 0058-1\nOctober 22, 2019\n\nlinux vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu:\n\n| Series | Base kernel | Arch | flavors |\n|------------------+--------------+----------+------------------|\n| Ubuntu 18.04 LTS | 4.15.0 | amd64 | aws |\n| Ubuntu 18.04 LTS | 4.15.0 | amd64 | generic |\n| Ubuntu 18.04 LTS | 4.15.0 | amd64 | lowlatency |\n| Ubuntu 18.04 LTS | 4.15.0 | amd64 | oem |\n| Ubuntu 18.04 LTS | 5.0.0 | amd64 | azure |\n| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |\n| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |\n| Ubuntu 16.04 LTS | 4.4.0 | amd64 | aws |\n| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |\n| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |\n| Ubuntu 16.04 LTS | 4.15.0 | amd64 | azure |\n| Ubuntu 16.04 LTS | 4.15.0 | amd64 | generic |\n| Ubuntu 16.04 LTS | 4.15.0 | amd64 | lowlatency |\n\nSummary:\n\nSeveral security issues were fixed in the kernel. \n\nSoftware Description:\n- linux: Linux kernel\n\nDetails:\n\nIt was discovered that a race condition existed in the GFS2 file system in\nthe Linux kernel. A local attacker could possibly use this to cause a\ndenial of service (system crash). (CVE-2016-10905)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-20856)\n\nIt was discovered that the USB gadget Midi driver in the Linux kernel\ncontained a double-free vulnerability when handling certain error\nconditions. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2018-20961)\n\nIt was discovered that the XFS file system in the Linux kernel did not\nproperly handle mount failures in some situations. A local attacker could\npossibly use this to cause a denial of service (system crash) or execute\narbitrary code. (CVE-2018-20976)\n\nIt was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not\ndid not handle detach operations correctly, leading to a use-after-free\nvulnerability. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2018-21008)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel\ndid not properly validate certain Tunneled Direct Link Setup (TDLS). A\nphysically proximate attacker could use this to cause a denial of service\n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Linux kernel on ARM processors allowed a tracing\nprocess to modify a syscall after a seccomp decision had been made on that\nsyscall. A local attacker could possibly use this to bypass seccomp\nrestrictions. (CVE-2019-2054)\n\nIt was discovered that an integer overflow existed in the Binder\nimplementation of the Linux kernel, leading to a buffer overflow. A local\nattacker could use this to escalate privileges. (CVE-2019-2181)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local attacker\ncould use this to cause a denial of service. (CVE-2019-10207)\n\nJonathan Looney discovered that an integer overflow existed in the Linux\nkernel when handling TCP Selective Acknowledgments (SACKs). A remote\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-11477)\n\nJonathan Looney discovered that the TCP retransmission queue implementation\nin the Linux kernel could be fragmented when handling certain TCP Selective\nAcknowledgment (SACK) sequences. A remote attacker could use this to cause\na denial of service. (CVE-2019-11478)\n\nIt was discovered that the ext4 file system implementation in the Linux\nkernel did not properly zero out memory in some situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2019-11833)\n\nIt was discovered that the PowerPC dlpar implementation in the Linux kernel\ndid not properly check for allocation errors in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-12614)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local attacker\ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A local\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14814)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14815)\n\nWen Huang discovered that the Marvell Wi-Fi device driver in the Linux\nkernel did not properly perform bounds checking, leading to a heap\noverflow. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-14816)\n\nMatt Delco discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly perform bounds checking when handling coalesced\nMMIO write operations. A local attacker with write access to /dev/kvm could\nuse this to cause a denial of service (system crash). (CVE-2019-14821)\n\nPeter Pi discovered a buffer overflow in the virtio network backend\n(vhost_net) implementation in the Linux kernel. (CVE-2019-14835)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your livepatches to the following\nversions:\n\n| Kernel | Version | flavors |\n|--------------------------+----------+--------------------------|\n| 4.4.0-148.174 | 58.1 | lowlatency, generic |\n| 4.4.0-148.174~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-150.176 | 58.1 | generic, lowlatency |\n| 4.4.0-150.176~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-151.178 | 58.1 | lowlatency, generic |\n| 4.4.0-151.178~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-154.181 | 58.1 | lowlatency, generic |\n| 4.4.0-154.181~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-157.185 | 58.1 | lowlatency, generic |\n| 4.4.0-157.185~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-159.187 | 58.1 | lowlatency, generic |\n| 4.4.0-159.187~14.04.1 | 58.1 | generic, lowlatency |\n| 4.4.0-161.189 | 58.1 | lowlatency, generic |\n| 4.4.0-161.189~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-164.192 | 58.1 | lowlatency, generic |\n| 4.4.0-164.192~14.04.1 | 58.1 | lowlatency, generic |\n| 4.4.0-165.193 | 58.1 | generic, lowlatency |\n| 4.4.0-1083.93 | 58.1 | aws |\n| 4.4.0-1084.94 | 58.1 | aws |\n| 4.4.0-1085.96 | 58.1 | aws |\n| 4.4.0-1087.98 | 58.1 | aws |\n| 4.4.0-1088.99 | 58.1 | aws |\n| 4.4.0-1090.101 | 58.1 | aws |\n| 4.4.0-1092.103 | 58.1 | aws |\n| 4.4.0-1094.105 | 58.1 | aws |\n| 4.15.0-50.54 | 58.1 | generic, lowlatency |\n| 4.15.0-50.54~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-51.55 | 58.1 | generic, lowlatency |\n| 4.15.0-51.55~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-52.56 | 58.1 | lowlatency, generic |\n| 4.15.0-52.56~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-54.58 | 58.1 | generic, lowlatency |\n| 4.15.0-54.58~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-55.60 | 58.1 | generic, lowlatency |\n| 4.15.0-58.64 | 58.1 | generic, lowlatency |\n| 4.15.0-58.64~16.04.1 | 58.1 | lowlatency, generic |\n| 4.15.0-60.67 | 58.1 | lowlatency, generic |\n| 4.15.0-60.67~16.04.1 | 58.1 | generic, lowlatency |\n| 4.15.0-62.69 | 58.1 | generic, lowlatency |\n| 4.15.0-62.69~16.04.1 | 58.1 | lowlatency, generic |\n| 4.15.0-64.73 | 58.1 | generic, lowlatency |\n| 4.15.0-64.73~16.04.1 | 58.1 | lowlatency, generic |\n| 4.15.0-65.74 | 58.1 | lowlatency, generic |\n| 4.15.0-1038.43 | 58.1 | oem |\n| 4.15.0-1039.41 | 58.1 | aws |\n| 4.15.0-1039.44 | 58.1 | oem |\n| 4.15.0-1040.42 | 58.1 | aws |\n| 4.15.0-1041.43 | 58.1 | aws |\n| 4.15.0-1043.45 | 58.1 | aws |\n| 4.15.0-1043.48 | 58.1 | oem |\n| 4.15.0-1044.46 | 58.1 | aws |\n| 4.15.0-1045.47 | 58.1 | aws |\n| 4.15.0-1045.50 | 58.1 | oem |\n| 4.15.0-1047.49 | 58.1 | aws |\n| 4.15.0-1047.51 | 58.1 | azure |\n| 4.15.0-1048.50 | 58.1 | aws |\n| 4.15.0-1049.54 | 58.1 | azure |\n| 4.15.0-1050.52 | 58.1 | aws |\n| 4.15.0-1050.55 | 58.1 | azure |\n| 4.15.0-1050.57 | 58.1 | oem |\n| 4.15.0-1051.53 | 58.1 | aws |\n| 4.15.0-1051.56 | 58.1 | azure |\n| 4.15.0-1052.57 | 58.1 | azure |\n| 4.15.0-1055.60 | 58.1 | azure |\n| 4.15.0-1056.61 | 58.1 | azure |\n| 4.15.0-1056.65 | 58.1 | oem |\n| 4.15.0-1057.62 | 58.1 | azure |\n| 4.15.0-1057.66 | 58.1 | oem |\n| 4.15.0-1059.64 | 58.1 | azure |\n| 5.0.0-1014.14~18.04.1 | 58.1 | azure |\n| 5.0.0-1016.17~18.04.1 | 58.1 | azure |\n| 5.0.0-1018.19~18.04.1 | 58.1 | azure |\n| 5.0.0-1020.21~18.04.1 | 58.1 | azure |\n\nSupport Information:\n\nKernels older than the levels listed below do not receive livepatch\nupdates. Please upgrade your kernel as soon as possible. \n\n| Series | Version | Flavors |\n|------------------+------------------+--------------------------|\n| Ubuntu 18.04 LTS | 4.15.0-1039 | aws |\n| Ubuntu 16.04 LTS | 4.4.0-1083 | aws |\n| Ubuntu 18.04 LTS | 5.0.0-1000 | azure |\n| Ubuntu 16.04 LTS | 4.15.0-1047 | azure |\n| Ubuntu 18.04 LTS | 4.15.0-50 | generic lowlatency |\n| Ubuntu 16.04 LTS | 4.15.0-50 | generic lowlatency |\n| Ubuntu 14.04 LTS | 4.4.0-148 | generic lowlatency |\n| Ubuntu 18.04 LTS | 4.15.0-1038 | oem |\n| Ubuntu 16.04 LTS | 4.4.0-148 | generic lowlatency |\n\nReferences:\n CVE-2016-10905, CVE-2018-20856, CVE-2018-20961, CVE-2018-20976, \n CVE-2018-21008, CVE-2019-0136, CVE-2019-2054, CVE-2019-2181, \n CVE-2019-3846, CVE-2019-10126, CVE-2019-10207, CVE-2019-11477, \n CVE-2019-11478, CVE-2019-11833, CVE-2019-12614, CVE-2019-14283, \n CVE-2019-14284, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, \n CVE-2019-14821, CVE-2019-14835\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.199/*: Upgraded. \n These updates fix various bugs and security issues. \n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader. \n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition. \n For more information, see:\n Fixed in 4.4.191:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117\n Fixed in 4.4.193:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835\n Fixed in 4.4.194:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821\n Fixed in 4.4.195:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054\n Fixed in 4.4.196:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215\n Fixed in 4.4.197:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976\n Fixed in 4.4.198:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133\n Fixed in 4.4.199:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n\n0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz\nee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz\na8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz\ncd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz\n842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz\n257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz\n96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz\n0673e86466f9e624964d95107cf6712f kernel-source-4.4.199_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\n6d1ff428e7cad6caa8860acc402447a1 kernel-generic-4.4.199-x86_64-1.txz\ndadc091dc725b8227e0d1e35098d6416 kernel-headers-4.4.199-x86-1.txz\nf5f4c034203f44dd1513ad3504c42515 kernel-huge-4.4.199-x86_64-1.txz\na5337cd8b2ca80d4d93b9e9688e42b03 kernel-modules-4.4.199-x86_64-1.txz\n5dd6e46c04f37b97062dc9e52cc38add kernel-source-4.4.199-noarch-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.199-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.199 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. \n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. 7) - aarch64, noarch, ppc64le\n\n3. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe following packages have been upgraded to a later upstream version:\nredhat-release-virtualization-host (4.2), redhat-virtualization-host (4.2). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel security update\nAdvisory ID: RHSA-2019:2867-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2867\nIssue date: 2019-09-23\nCVE Names: CVE-2019-14835\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.4\nAdvanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.4 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64\n\n3. \n(CVE-2019-14835)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nkernel-3.10.0-693.59.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm\nkernel-doc-3.10.0-693.59.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-devel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-headers-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm\nperf-3.10.0-693.59.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nkernel-3.10.0-693.59.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm\nkernel-doc-3.10.0-693.59.1.el7.noarch.rpm\n\nppc64le:\nkernel-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-693.59.1.el7.ppc64le.rpm\nperf-3.10.0-693.59.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\npython-perf-3.10.0-693.59.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\n\nx86_64:\nkernel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-devel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-headers-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm\nperf-3.10.0-693.59.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nkernel-3.10.0-693.59.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-693.59.1.el7.noarch.rpm\nkernel-doc-3.10.0-693.59.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-devel-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-headers-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-693.59.1.el7.x86_64.rpm\nperf-3.10.0-693.59.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-693.59.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.ppc64le.rpm\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-693.59.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-693.59.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14835\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/kernel-vhost\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXYi86tzjgjWX9erEAQi1YA//SFbLNTK8xgMJM4UXWUDM7d1LMS/f79kZ\nC+qG3/+OUqyltICprPUpLQOslAaLgY1C1slkqkxXXgNtfB4rBnE2gkDtSnqe0a7K\n60JapVVCpXuJnGozoFusUPgSvy7DM3RJ+xcz4SS6fNIuRGq1bDjOd4E3tcQwk1rh\nhqqPwPmY1uJK2y6UWiyF9Q2Dvug5mO2ZKqxgwuZPQyRXg14BVxDfXIY6+8SuuL3j\nYLVmCNqpErcoqeIaUAXUbGyATrUwni8J1RY4Q5lNDMq8u31Xlu/CSaEqU5OxtkeB\nRvfAuFebnJkUo+YkzouWWKF+eTEhpqxXnPZq2KM8zStGmRpVmreg16THa6CSpi81\nHDcsTNKFHsA3QWHosxramg1Z/RYSD+goD0lvnfEVvO4jaUW2f59q2PEu4riM897f\nL21luddDijVBYmzAngkrhKR0kiADLmU+p67nZ9EyNrR95XYaaJ6GRb5vSXBEgiXt\nvJJn8GuJAI5h13MzO5rAua82xTHxiQc28s5KCbCJFcp3DZo72mDIVE6MfGb1By5e\nT1IN17xPN7yVoy/c8WZ89unoNZNXMsTBhcWNNlXsXknALVaYi5i4AtWx3mOLP2gk\nc1Z7F9XG8niCTGSLvBs5gSAfjSFNB6YiU6NzX9Zlxb4/hr3HE20S+w3AGnvD2f05\nhz6LDDCc4xc=hk2d\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14835"
},
{
"db": "VULHUB",
"id": "VHN-146821"
},
{
"db": "PACKETSTORM",
"id": "154602"
},
{
"db": "PACKETSTORM",
"id": "154514"
},
{
"db": "PACKETSTORM",
"id": "154951"
},
{
"db": "PACKETSTORM",
"id": "155212"
},
{
"db": "PACKETSTORM",
"id": "154562"
},
{
"db": "PACKETSTORM",
"id": "154659"
},
{
"db": "PACKETSTORM",
"id": "154572"
},
{
"db": "PACKETSTORM",
"id": "154570"
},
{
"db": "PACKETSTORM",
"id": "154540"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14835",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "155212",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "154951",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "154572",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/10/03/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/10/09/7",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/09/24/1",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/10/09/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/09/17/1",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "154570",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154602",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154562",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154514",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154540",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154659",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154539",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154563",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154564",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154565",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154541",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154558",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154585",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154569",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201909-807",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-146821",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146821"
},
{
"db": "PACKETSTORM",
"id": "154602"
},
{
"db": "PACKETSTORM",
"id": "154514"
},
{
"db": "PACKETSTORM",
"id": "154951"
},
{
"db": "PACKETSTORM",
"id": "155212"
},
{
"db": "PACKETSTORM",
"id": "154562"
},
{
"db": "PACKETSTORM",
"id": "154659"
},
{
"db": "PACKETSTORM",
"id": "154572"
},
{
"db": "PACKETSTORM",
"id": "154570"
},
{
"db": "PACKETSTORM",
"id": "154540"
},
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"id": "VAR-201909-0695",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-146821"
}
],
"trust": 0.35113123999999996
},
"last_update_date": "2024-07-23T20:01:54.800000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146821"
},
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2830"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2862"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2867"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2901"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2924"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/41"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/nov/11"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yw3qnmpenpfegvtofpsnobl7jeijs25p/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kqfy6jyfiq2vfq7qcsxpwtul5zdncjl5/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhba-2019:2824"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2827"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2828"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2829"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2854"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2863"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2864"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2865"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2866"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2869"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2889"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2899"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2900"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4135-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4135-2/"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/154572/kernel-live-patch-security-notice-lsn-0056-1.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/154951/kernel-live-patch-security-notice-lsn-0058-1.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/155212/slackware-security-advisory-slackware-14.2-kernel-updates.html"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14835"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"trust": 1.1,
"url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14835"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/vulnerabilities/kernel-vhost"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-14835"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14821"
},
{
"trust": 0.2,
"url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10905"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20976"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14814"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-29.31~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1122.131"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1017.18"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15030"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1059.64"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1044.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1017.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1017.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.0.0-29.31"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1094.105"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1050.52~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1044.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1047.51"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1050.52"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-64.73"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1025.28~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1020.21~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1021.22"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1016.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1058.65"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1126.132"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1056.65"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1046.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1017.17~18.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4135-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1025.28"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1044.70"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-164.192"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1064.71"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15031"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1020.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-64.73~16.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-21008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20961"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14835"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2215"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17054"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17055"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15118"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17053"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10906"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20976"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17052"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15117"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17133"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15505"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15098"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2215"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15118"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10905"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17056"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15117"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17056"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14821"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10638"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17055"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17133"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146821"
},
{
"db": "PACKETSTORM",
"id": "154602"
},
{
"db": "PACKETSTORM",
"id": "154514"
},
{
"db": "PACKETSTORM",
"id": "154951"
},
{
"db": "PACKETSTORM",
"id": "155212"
},
{
"db": "PACKETSTORM",
"id": "154562"
},
{
"db": "PACKETSTORM",
"id": "154659"
},
{
"db": "PACKETSTORM",
"id": "154572"
},
{
"db": "PACKETSTORM",
"id": "154570"
},
{
"db": "PACKETSTORM",
"id": "154540"
},
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-146821"
},
{
"db": "PACKETSTORM",
"id": "154602"
},
{
"db": "PACKETSTORM",
"id": "154514"
},
{
"db": "PACKETSTORM",
"id": "154951"
},
{
"db": "PACKETSTORM",
"id": "155212"
},
{
"db": "PACKETSTORM",
"id": "154562"
},
{
"db": "PACKETSTORM",
"id": "154659"
},
{
"db": "PACKETSTORM",
"id": "154572"
},
{
"db": "PACKETSTORM",
"id": "154570"
},
{
"db": "PACKETSTORM",
"id": "154540"
},
{
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-17T00:00:00",
"db": "VULHUB",
"id": "VHN-146821"
},
{
"date": "2019-09-25T17:55:27",
"db": "PACKETSTORM",
"id": "154602"
},
{
"date": "2019-09-18T21:22:40",
"db": "PACKETSTORM",
"id": "154514"
},
{
"date": "2019-10-23T18:32:10",
"db": "PACKETSTORM",
"id": "154951"
},
{
"date": "2019-11-08T15:37:19",
"db": "PACKETSTORM",
"id": "155212"
},
{
"date": "2019-09-23T18:25:39",
"db": "PACKETSTORM",
"id": "154562"
},
{
"date": "2019-09-30T04:44:44",
"db": "PACKETSTORM",
"id": "154659"
},
{
"date": "2019-09-23T18:31:46",
"db": "PACKETSTORM",
"id": "154572"
},
{
"date": "2019-09-23T18:27:09",
"db": "PACKETSTORM",
"id": "154570"
},
{
"date": "2019-09-20T14:57:53",
"db": "PACKETSTORM",
"id": "154540"
},
{
"date": "2019-09-17T16:15:10.980000",
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-146821"
},
{
"date": "2023-12-15T15:29:09.587000",
"db": "NVD",
"id": "CVE-2019-14835"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "154514"
},
{
"db": "PACKETSTORM",
"id": "154951"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2019-2901-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "154602"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "154602"
},
{
"db": "PACKETSTORM",
"id": "154562"
},
{
"db": "PACKETSTORM",
"id": "154659"
},
{
"db": "PACKETSTORM",
"id": "154570"
},
{
"db": "PACKETSTORM",
"id": "154540"
}
],
"trust": 0.5
}
}
VAR-202206-1428
Vulnerability from variot - Updated: 2024-07-23 19:47In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068). Description:
Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
This advisory contains bug fixes and enhancements to the Submariner container images. Description:
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes. Bugs fixed (https://bugzilla.redhat.com/):
2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2115198 - build ceph containers for RHCS 5.2 release
- Summary:
OpenShift API for Data Protection (OADP) 1.1.0 is now available. Description:
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- JIRA issues fixed (https://issues.jboss.org/):
OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig OADP-154 - Ensure support for backing up resources based on different label selectors OADP-194 - Remove the registry dependency from OADP OADP-199 - Enable support for restore of existing resources OADP-224 - Restore silently ignore resources if they exist - restore log not updated OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated OADP-234 - Implementation of incremental restore OADP-324 - Add label to Expired backups failing garbage collection OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot OADP-528 - The volumesnapshotcontent is not removed for the synced backup OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10 OADP-538 - typo on noDefaultBackupLocation error on DPA CR OADP-552 - Validate OADP with 4.11 and Pod Security Admissions OADP-558 - Empty Failed Backup CRs can't be removed OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly OADP-592 - OADP must-gather add support for insecure tls OADP-597 - BSL validation logs OADP-598 - Data mover performance on backup blocks backup process OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled OADP-602 - Support GCP for openshift-velero-plugin registry OADP-605 - [OCP 4.11] CSI restore fails with admission webhook \"volumesnapshotclasses.snapshot.storage.k8s.io\" denied OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace OADP-613 - DataMover: upstream documentation refers wrong CRs OADP-637 - Restic backup fails with CA certificate OADP-643 - [Data Mover] VSB and VSR names are not unique OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable OADP-648 - Remove default limits for velero and restic pods OADP-652 - Data mover VolSync pod errors with Noobaa OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace OADP-660 - Data mover restic secret does not support Azure OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores//.velero/" OADP-716 - Incremental restore: second restore of a namespace partially fails OADP-736 - Data mover VSB always fails with volsync 0.5
- Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fixes:
- moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
-
Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
-
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
-
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
-
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
-
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
-
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
-
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
-
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
-
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
-
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
-
managed cluster is in "unknown" state for 120 mins after OADP restore
-
RHACM 2.5.2 images (BZ# 2104553)
-
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
-
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
-
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
-
cluster uninstall log points to incorrect container name (BZ# 2107359)
-
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
-
Single node checkbox not visible for 4.11 images (BZ# 2109134)
-
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
-
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
-
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
-
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
-
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
-
Bugs fixed (https://bugzilla.redhat.com/):
2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
Bug Fix(es):
-
Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
-
Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
-
Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
-
[4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
-
Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
-
[4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
-
CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
-
Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
-
Unable to start windows VMs on PSI setups (BZ#2115371)
-
[4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
-
Mark Windows 11 as TechPreview (BZ#2129013)
-
4.11.1 rpms (BZ#2139453)
This advisory contains the following OpenShift Virtualization 4.11.1 images.
RHEL-8-CNV-4.11
virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49
- Bugs fixed (https://bugzilla.redhat.com/):
2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM 2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR 2091856 - ?Edit BootSource? action should have more explicit information when disabled 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2102694 - Fedora version in DataImportCrons is not 'latest' 2109407 - [4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted 2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls 2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based 2115371 - Unable to start windows VMs on PSI setups 2119613 - GiB changes to B in Template's Edit boot source reference modal 2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass 2128872 - [4.11]Can't restore cloned VM 2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 2129013 - Mark Windows 11 as TechPreview 2129235 - [RFE] Add "Copy SSH command" to VM action list 2134668 - Cannot edit ssh even vm is stopped 2139453 - 4.11.1 rpms
- Bugs fixed (https://bugzilla.redhat.com/):
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update Advisory ID: RHSA-2022:8917-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2022:8917 Issue date: 2022-12-12 CVE Names: CVE-2022-1292 CVE-2022-2068 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 5.7 for RHEL 7 Server - x86_64 Red Hat JBoss Web Server 5.7 for RHEL 8 - x86_64 Red Hat JBoss Web Server 5.7 for RHEL 9 - x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References.
Security Fix(es):
-
openssl: c_rehash script allows command injection (CVE-2022-1292)
-
openssl: the c_rehash script allows command injection (CVE-2022-2068)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat JBoss Web Server 5.7 for RHEL 7 Server:
Source: jws5-tomcat-native-1.2.31-11.redhat_11.el7jws.src.rpm
x86_64: jws5-tomcat-native-1.2.31-11.redhat_11.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el7jws.x86_64.rpm
Red Hat JBoss Web Server 5.7 for RHEL 8:
Source: jws5-tomcat-native-1.2.31-11.redhat_11.el8jws.src.rpm
x86_64: jws5-tomcat-native-1.2.31-11.redhat_11.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el8jws.x86_64.rpm
Red Hat JBoss Web Server 5.7 for RHEL 9:
Source: jws5-tomcat-native-1.2.31-11.redhat_11.el9jws.src.rpm
x86_64: jws5-tomcat-native-1.2.31-11.redhat_11.el9jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el9jws.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY5dYDtzjgjWX9erEAQihfg/+JKRn1ponld/PXWb0JyTUZp2RsgqRlaoi dFWK8JVr3iIzA8pVUqiy+9fYqvRLvRNv8iyPezTFvlfi70FDLXd58QjxQd2zIcI2 tvwFp3mFYfqT3iEz3PdvhiDpPx9XVeSuXgl8CglshJc4ARkLtdIJzkB6xoWl3fe0 myZzwJChpWzOYvZWZVzPRNzsuAi75pc/y8GwVh+fIlw3iySiskkspGVksXBmoBup XIM0O9ICMJ4jUbNTEZ0AwM6yZX1603sdvW60UarBVjf48vIM8x2ef6h84xEMB/3J eLaUlm5Gm68CQx3Sf+ImCCmYcJ2LmX3KnBMGUhBiQGh2SlEJPKijlrHAhLX7M1YG /yvgd8plwRCAsYTlAJyhcXpBovNtP9io+S4kNy/j/HswvuUcJ+mrJNfZq6AwRnoF cNf2h1+Nl8VlT5YXkbZ0vRW1VbY7L4G1BCiqG2VGdjuOuynXh2URHsdKgs9zHY+5 OMaV16fDbH23t04So+b4hxTsfelUUWEqyKk3qvZESNoFmWPCbaBpzDlawSGEFp5g Ly0SN2cW39creXZ3uYioyMnHKeviSDGX8ik40c7mMYYaGnbgP1mPR8FWu9C3EoWi 0LV3EDSHyFKFxUahjGzKKmjDQtYXPAt9Ci1Vp0OQFhKtAecfmlRZJEZRL4JCgKUd vabHaw7IH20=YAuF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1428",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sannav",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "fas 8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "aff a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h615c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1p"
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h610c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "3.0.4"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2zf"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "3.0.0"
},
{
"model": "aff 8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "aff 8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "fas 8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "h610s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fas a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.1p",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2zf",
"versionStartIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:fas_a400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:sannav:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168022"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "170197"
}
],
"trust": 0.9
},
"cve": "CVE-2022-2068",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-2068",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2068",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2112",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-2068",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
},
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). (CVE-2022-2068). Description:\n\nSubmariner enables direct networking between pods and services on different\nKubernetes clusters that are either on-premises or in the cloud. \n\nFor more information about Submariner, see the Submariner open source\ncommunity website at: https://submariner.io/. \n\nThis advisory contains bug fixes and enhancements to the Submariner\ncontainer images. Description:\n\nRed Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services. \n\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Ceph Storage Release Notes for information on\nthe most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2115198 - build ceph containers for RHCS 5.2 release\n\n5. Summary:\n\nOpenShift API for Data Protection (OADP) 1.1.0 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig\nOADP-154 - Ensure support for backing up resources based on different label selectors\nOADP-194 - Remove the registry dependency from OADP\nOADP-199 - Enable support for restore of existing resources\nOADP-224 - Restore silently ignore resources if they exist - restore log not updated\nOADP-225 - Restore doesn\u0027t update velero.io/backup-name when a resource is updated\nOADP-234 - Implementation of incremental restore\nOADP-324 - Add label to Expired backups failing garbage collection\nOADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases\nOADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it\u0027s unable to find the zone\nOADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete\nOADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot\nOADP-528 - The volumesnapshotcontent is not removed for the synced backup\nOADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10\nOADP-538 - typo on noDefaultBackupLocation error on DPA CR\nOADP-552 - Validate OADP with 4.11 and Pod Security Admissions\nOADP-558 - Empty Failed Backup CRs can\u0027t be removed\nOADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version\nOADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly\nOADP-592 - OADP must-gather add support for insecure tls\nOADP-597 - BSL validation logs\nOADP-598 - Data mover performance on backup blocks backup process\nOADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl\nOADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled\nOADP-602 - Support GCP for openshift-velero-plugin registry\nOADP-605 - [OCP 4.11] CSI restore fails with admission webhook \\\"volumesnapshotclasses.snapshot.storage.k8s.io\\\" denied\nOADP-607 - DataMover: VSB is stuck on SnapshotBackupDone\nOADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace\nOADP-613 - DataMover: upstream documentation refers wrong CRs\nOADP-637 - Restic backup fails with CA certificate\nOADP-643 - [Data Mover] VSB and VSR names are not unique\nOADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable\nOADP-648 - Remove default limits for velero and restic pods\nOADP-652 - Data mover VolSync pod errors with Noobaa\nOADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace\nOADP-660 - Data mover restic secret does not support Azure\nOADP-698 - DataMover: volume-snapshot-mover pod points to upstream image\nOADP-715 - Restic restore fails: restic-wait container continuously fails with \"Not found: /restores/\u003cpod-volume\u003e/.velero/\u003crestore-UID\u003e\"\nOADP-716 - Incremental restore: second restore of a namespace partially fails\nOADP-736 - Data mover VSB always fails with volsync 0.5\n\n6. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2033191 - Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2070772 - When specifying pciAddress for several SR-IOV NIC they are not correctly propagated to libvirt XML\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2087177 - Restart of VM Pod causes SSH keys to be regenerated within VM\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2098225 - [4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2102694 - Fedora version in DataImportCrons is not \u0027latest\u0027\n2109407 - [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2112643 - Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based\n2115371 - Unable to start windows VMs on PSI setups\n2119613 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2128554 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129235 - [RFE] Add \"Copy SSH command\" to VM action list\n2134668 - Cannot edit ssh even vm is stopped\n2139453 - 4.11.1 rpms\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service\n2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY\n2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers\n2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters\n2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster\nLOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch\nLOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn\u0027t support multiple CAs\nLOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. \nLOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value\nLOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed\nLOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue\nLOG-3310 - [release-5.5] Can\u0027t choose correct CA ConfigMap Key when creating lokistack in Console\nLOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update\nAdvisory ID: RHSA-2022:8917-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8917\nIssue date: 2022-12-12\nCVE Names: CVE-2022-1292 CVE-2022-2068\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat\nEnterprise Linux versions 7, 8, and 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server - x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 8 - x86_64\nRed Hat JBoss Web Server 5.7 for RHEL 9 - x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. \n\nThis release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for\nRed Hat JBoss Web Server 5.7.0. This release includes bug fixes,\nenhancements and component upgrades, which are documented in the Release\nNotes, linked to in the References. \n\nSecurity Fix(es):\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat JBoss Web Server 5.7 for RHEL 7 Server:\n\nSource:\njws5-tomcat-native-1.2.31-11.redhat_11.el7jws.src.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-11.redhat_11.el7jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el7jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 8:\n\nSource:\njws5-tomcat-native-1.2.31-11.redhat_11.el8jws.src.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-11.redhat_11.el8jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el8jws.x86_64.rpm\n\nRed Hat JBoss Web Server 5.7 for RHEL 9:\n\nSource:\njws5-tomcat-native-1.2.31-11.redhat_11.el9jws.src.rpm\n\nx86_64:\njws5-tomcat-native-1.2.31-11.redhat_11.el9jws.x86_64.rpm\njws5-tomcat-native-debuginfo-1.2.31-11.redhat_11.el9jws.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY5dYDtzjgjWX9erEAQihfg/+JKRn1ponld/PXWb0JyTUZp2RsgqRlaoi\ndFWK8JVr3iIzA8pVUqiy+9fYqvRLvRNv8iyPezTFvlfi70FDLXd58QjxQd2zIcI2\ntvwFp3mFYfqT3iEz3PdvhiDpPx9XVeSuXgl8CglshJc4ARkLtdIJzkB6xoWl3fe0\nmyZzwJChpWzOYvZWZVzPRNzsuAi75pc/y8GwVh+fIlw3iySiskkspGVksXBmoBup\nXIM0O9ICMJ4jUbNTEZ0AwM6yZX1603sdvW60UarBVjf48vIM8x2ef6h84xEMB/3J\neLaUlm5Gm68CQx3Sf+ImCCmYcJ2LmX3KnBMGUhBiQGh2SlEJPKijlrHAhLX7M1YG\n/yvgd8plwRCAsYTlAJyhcXpBovNtP9io+S4kNy/j/HswvuUcJ+mrJNfZq6AwRnoF\ncNf2h1+Nl8VlT5YXkbZ0vRW1VbY7L4G1BCiqG2VGdjuOuynXh2URHsdKgs9zHY+5\nOMaV16fDbH23t04So+b4hxTsfelUUWEqyKk3qvZESNoFmWPCbaBpzDlawSGEFp5g\nLy0SN2cW39creXZ3uYioyMnHKeviSDGX8ik40c7mMYYaGnbgP1mPR8FWu9C3EoWi\n0LV3EDSHyFKFxUahjGzKKmjDQtYXPAt9Ci1Vp0OQFhKtAecfmlRZJEZRL4JCgKUd\nvabHaw7IH20=YAuF\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2068"
},
{
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168022"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "170197"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2068",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-332410",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-319-01",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168351",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170197",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167713",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168204",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167948",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168112",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168222",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168182",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167564",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168187",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168387",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1430",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3269",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5961",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4296",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4122",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4568",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4099",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4747",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3145",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4167",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4233",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4669",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6434",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4323",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3034",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3977",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3814",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5247",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070209",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062906",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071151",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070712",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2112",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168265",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170162",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168022"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "170197"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
},
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"id": "VAR-202206-1428",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.416330645
},
"last_update_date": "2024-07-23T19:47:22.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OpenSSL Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=197983"
},
{
"title": "Debian Security Advisories: DSA-5169-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6b57464ee127384d3d853e9cc99cf350"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1626",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1626"
},
{
"title": "Debian CVElist Bug Report Logs: openssl: CVE-2022-2097",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=740b837c53d462fc86f3cb0849b86ca0"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-2068"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1832",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1832"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1831",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1831"
},
{
"title": "Amazon Linux 2: ALASOPENSSL-SNAPSAFE-2023-001",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alasopenssl-snapsafe-2023-001"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-2068"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228917 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.7.1 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228913 - security advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225818 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat Satellite Client security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20235982 - security advisory"
},
{
"title": "Red Hat: Moderate: openssl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226224 - security advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226517 - security advisory"
},
{
"title": "Red Hat: Important: Self Node Remediation Operator 0.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226184 - security advisory"
},
{
"title": "Red Hat: Important: Satellite 6.11.5.6 async security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20235980 - security advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-123",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-123"
},
{
"title": "Red Hat: Important: Satellite 6.12.5.2 Async Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20235979 - security advisory"
},
{
"title": "Red Hat: Critical: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226422 - security advisory"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8efbc4133194fcddd0bca99df112b683"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.11.1 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226103 - security advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-195",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-195"
},
{
"title": "Red Hat: Important: Node Maintenance Operator 4.11.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226188 - security advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Security and Bug Fix update (5.3.11)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226182 - security advisory"
},
{
"title": "Red Hat: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226051 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.2 Containers security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226283 - security advisory"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.4.5 Security and Bug Fix Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226183 - security advisory"
},
{
"title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226507 - security advisory"
},
{
"title": "Red Hat: Moderate: RHOSDT 2.6.0 operator/operand containers Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227055 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift sandboxed containers 1.3.1 security fix and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20227058 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228840 - security advisory"
},
{
"title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226024 - security advisory"
},
{
"title": "Red Hat: Moderate: RHACS 3.72 enhancement and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226714 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226290 - security advisory"
},
{
"title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security and container updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226348 - security advisory"
},
{
"title": "Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226345 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228841 - security advisory"
},
{
"title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226346 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226430 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226370 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226271 - security advisory"
},
{
"title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226696 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226156 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228750 - security advisory"
},
{
"title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226526 - security advisory"
},
{
"title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226429 - security advisory"
},
{
"title": "Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20230408 - security advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228889 - security advisory"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228781 - security advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225069 - security advisory"
},
{
"title": "Smart Check Scan-Report",
"trust": 0.1,
"url": "https://github.com/mawinkler/c1-cs-scan-result "
},
{
"title": "Repository with scripts to verify system against CVE",
"trust": 0.1,
"url": "https://github.com/backloop-biz/vulnerability_checker "
},
{
"title": "https://github.com/jntass/TASSL-1.1.1",
"trust": 0.1,
"url": "https://github.com/jntass/tassl-1.1.1 "
},
{
"title": "Repository with scripts to verify system against CVE",
"trust": 0.1,
"url": "https://github.com/backloop-biz/cve_checks "
},
{
"title": "https://github.com/tianocore-docs/ThirdPartySecurityAdvisories",
"trust": 0.1,
"url": "https://github.com/tianocore-docs/thirdpartysecurityadvisories "
},
{
"title": "OpenSSL-CVE-lib",
"trust": 0.1,
"url": "https://github.com/chnzzh/openssl-cve-lib "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/06/27/openssl_304_memory_corruption_bug/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5169"
},
{
"trust": 1.7,
"url": "https://www.openssl.org/news/secadv/20220621.txt"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220707-0008/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2c9c35870601b4a44d86ddbf512b38df38285cfa"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=9639817dac8bbbaa64d09efad7464ccc405527c7"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6wzzbkuhqfgskgnxxkicsrpl7amvw5m5/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.6,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6wzzbkuhqfgskgnxxkicsrpl7amvw5m5/"
},
{
"trust": 0.6,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa"
},
{
"trust": 0.6,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vcmnwkerpbkoebnl7clttx3zzczlh7xa/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4747"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4669"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170197/red-hat-security-advisory-2022-8917-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3814"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168538/red-hat-security-advisory-2022-6696-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167948/red-hat-security-advisory-2022-5818-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168222/red-hat-security-advisory-2022-6283-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062906"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168182/red-hat-security-advisory-2022-6184-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168204/red-hat-security-advisory-2022-6224-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4099"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4296"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4233"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3145"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070209"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5961"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3269"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167713/ubuntu-security-notice-usn-5488-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3109"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2068/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168112/red-hat-security-advisory-2022-6051-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071151"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168187/red-hat-security-advisory-2022-6188-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1430"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-319-01"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168351/red-hat-security-advisory-2022-6430-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4167"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167564/ubuntu-security-notice-usn-5488-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3034"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070615"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168022/red-hat-security-advisory-2022-6024-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4122"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4323"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3355"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070712"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168387/red-hat-security-advisory-2022-6517-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26691"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/backloop-biz/vulnerability_checker"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-319-01"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1626.html"
},
{
"trust": 0.1,
"url": "https://submariner.io/getting-started/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://submariner.io/."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/add-ons/submariner#submariner-deploy-console"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/1548993"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2789521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6024"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6507"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26373"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29581"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8917"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168022"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "170197"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
},
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"db": "PACKETSTORM",
"id": "168265"
},
{
"db": "PACKETSTORM",
"id": "168022"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "168228"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "170197"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
},
{
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"date": "2022-09-07T16:37:33",
"db": "PACKETSTORM",
"id": "168265"
},
{
"date": "2022-08-10T15:50:41",
"db": "PACKETSTORM",
"id": "168022"
},
{
"date": "2022-09-13T15:41:58",
"db": "PACKETSTORM",
"id": "168351"
},
{
"date": "2022-09-01T16:34:06",
"db": "PACKETSTORM",
"id": "168228"
},
{
"date": "2022-09-14T15:08:07",
"db": "PACKETSTORM",
"id": "168378"
},
{
"date": "2022-09-07T17:09:04",
"db": "PACKETSTORM",
"id": "168289"
},
{
"date": "2022-12-02T15:57:08",
"db": "PACKETSTORM",
"id": "170083"
},
{
"date": "2022-12-08T16:34:22",
"db": "PACKETSTORM",
"id": "170162"
},
{
"date": "2022-12-12T23:02:33",
"db": "PACKETSTORM",
"id": "170197"
},
{
"date": "2022-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2112"
},
{
"date": "2022-06-21T15:15:09.060000",
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2068"
},
{
"date": "2023-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2112"
},
{
"date": "2023-11-07T03:46:11.177000",
"db": "NVD",
"id": "CVE-2022-2068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Operating system command injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2112"
}
],
"trust": 0.6
}
}
VAR-201905-0095
Vulnerability from variot - Updated: 2024-07-23 19:40A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: Integer overflows in curl_url_set tftp: use the current blksize for recvfrom() For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz
Slackware -current package: 82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz
Slackware x86_64 -current package: df9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.65.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ========================================================================== Ubuntu Security Notice USN-3993-1 May 22, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in curl. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)
It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: curl 7.64.0-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 libcurl3-nss 7.64.0-2ubuntu1.1 libcurl4 7.64.0-2ubuntu1.1
Ubuntu 18.10: curl 7.61.0-1ubuntu2.4 libcurl3-gnutls 7.61.0-1ubuntu2.4 libcurl3-nss 7.61.0-1ubuntu2.4 libcurl4 7.61.0-1ubuntu2.4
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.7 libcurl3-gnutls 7.58.0-2ubuntu3.7 libcurl3-nss 7.58.0-2ubuntu3.7 libcurl4 7.58.0-2ubuntu3.7
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.13 libcurl3 7.47.0-1ubuntu2.13 libcurl3-gnutls 7.47.0-1ubuntu2.13 libcurl3-nss 7.47.0-1ubuntu2.13
In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64
- This only affects the oldstable distribution (stretch).
CVE-2019-5481
Thomas Vegas discovered a double-free in the FTP-KRB code, triggered
by a malicious server sending a very large data block.
For the oldstable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u10.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u1.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi RyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5 eQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU aP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU G86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F tR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7 KLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e qVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH ZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj KbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW G9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30 KqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b -----END PGP SIGNATURE----- . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]
-
8) - aarch64, ppc64le, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: curl security and bug fix update Advisory ID: RHSA-2020:1020-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1020 Issue date: 2020-03-31 CVE Names: CVE-2019-5436 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice 1769307 - curl fails while attempting to POST a char device
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
ppc64: curl-7.29.0-57.el7.ppc64.rpm curl-debuginfo-7.29.0-57.el7.ppc.rpm curl-debuginfo-7.29.0-57.el7.ppc64.rpm libcurl-7.29.0-57.el7.ppc.rpm libcurl-7.29.0-57.el7.ppc64.rpm libcurl-devel-7.29.0-57.el7.ppc.rpm libcurl-devel-7.29.0-57.el7.ppc64.rpm
ppc64le: curl-7.29.0-57.el7.ppc64le.rpm curl-debuginfo-7.29.0-57.el7.ppc64le.rpm libcurl-7.29.0-57.el7.ppc64le.rpm libcurl-devel-7.29.0-57.el7.ppc64le.rpm
s390x: curl-7.29.0-57.el7.s390x.rpm curl-debuginfo-7.29.0-57.el7.s390.rpm curl-debuginfo-7.29.0-57.el7.s390x.rpm libcurl-7.29.0-57.el7.s390.rpm libcurl-7.29.0-57.el7.s390x.rpm libcurl-devel-7.29.0-57.el7.s390.rpm libcurl-devel-7.29.0-57.el7.s390x.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z qwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr u+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP MvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q 9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r JcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+ hJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T N0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc bgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/ cBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7 0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ M95S58Xnb8U= =UHVC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "libcurl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.1"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.28"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.4"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oss support tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.17"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "traffix signaling delivery controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "5.1.0"
},
{
"model": "traffix signaling delivery controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "5.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.27"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": "7.19.4 to 7.64.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.64.1",
"versionStartIncluding": "7.19.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.27",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.17",
"versionStartIncluding": "5.7.28",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu,Debian,Red Hat,Slackware Security Team,l00p3r.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
},
"cve": "CVE-2019-5436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5436",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-156871",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5436",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5436",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-933",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-156871",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-5436",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. \n This release fixes the following security issues:\n Integer overflows in curl_url_set\n tftp: use the current blksize for recvfrom()\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz\n\nSlackware x86_64 -current package:\ndf9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.65.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. ==========================================================================\nUbuntu Security Notice USN-3993-1\nMay 22, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)\n\nIt was discovered that curl incorrectly handled memory when receiving data\nfrom a TFTP server. A remote attacker could use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2019-5436)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n curl 7.64.0-2ubuntu1.1\n libcurl3-gnutls 7.64.0-2ubuntu1.1\n libcurl3-nss 7.64.0-2ubuntu1.1\n libcurl4 7.64.0-2ubuntu1.1\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.4\n libcurl3-gnutls 7.61.0-1ubuntu2.4\n libcurl3-nss 7.61.0-1ubuntu2.4\n libcurl4 7.61.0-1ubuntu2.4\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.7\n libcurl3-gnutls 7.58.0-2ubuntu3.7\n libcurl3-nss 7.58.0-2ubuntu3.7\n libcurl4 7.58.0-2ubuntu3.7\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.13\n libcurl3 7.47.0-1ubuntu2.13\n libcurl3-gnutls 7.47.0-1ubuntu2.13\n libcurl3-nss 7.47.0-1ubuntu2.13\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. This only affects\n the oldstable distribution (stretch). \n\nCVE-2019-5481\n\n Thomas Vegas discovered a double-free in the FTP-KRB code, triggered\n by a malicious server sending a very large data block. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u10. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u1. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi\nRyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5\neQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU\naP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU\nG86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F\ntR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7\nKLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e\nqVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH\nZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj\nKbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW\nG9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30\nKqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: curl security and bug fix update\nAdvisory ID: RHSA-2020:1020-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1020\nIssue date: 2020-03-31\nCVE Names: CVE-2019-5436 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n(CVE-2019-5436)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice\n1769307 - curl fails while attempting to POST a char device\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nppc64:\ncurl-7.29.0-57.el7.ppc64.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64.rpm\nlibcurl-7.29.0-57.el7.ppc.rpm\nlibcurl-7.29.0-57.el7.ppc64.rpm\nlibcurl-devel-7.29.0-57.el7.ppc.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64.rpm\n\nppc64le:\ncurl-7.29.0-57.el7.ppc64le.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64le.rpm\nlibcurl-7.29.0-57.el7.ppc64le.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64le.rpm\n\ns390x:\ncurl-7.29.0-57.el7.s390x.rpm\ncurl-debuginfo-7.29.0-57.el7.s390.rpm\ncurl-debuginfo-7.29.0-57.el7.s390x.rpm\nlibcurl-7.29.0-57.el7.s390.rpm\nlibcurl-7.29.0-57.el7.s390x.rpm\nlibcurl-devel-7.29.0-57.el7.s390.rpm\nlibcurl-devel-7.29.0-57.el7.s390x.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5436\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z\nqwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr\nu+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP\nMvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q\n9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r\nJcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+\nhJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T\nN0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc\nbgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/\ncBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7\n0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ\nM95S58Xnb8U=\n=UHVC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5436"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "PACKETSTORM",
"id": "153051"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5436",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/09/11/6",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "158035",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157425",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156523",
"trust": 0.8
},
{
"db": "BID",
"id": "108435",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "153051",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "153003",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2033",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0651",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1494",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1177",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4380",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4780",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2593",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156753",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156986",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153010",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-156871",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-5436",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "PACKETSTORM",
"id": "153051"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"id": "VAR-201905-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:40:01.950000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TFTP receive buffer overflow",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/cve-2019-5436.html"
},
{
"title": "Haxx libcurl Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92898"
},
{
"title": "Red Hat: Low: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202505 - security advisory"
},
{
"title": "Red Hat: Low: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201020 - security advisory"
},
{
"title": "Red Hat: Moderate: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201792 - security advisory"
},
{
"title": "Ubuntu Security Notice: curl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3993-2"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3993-1"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5436: TFTP receive buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=af8cb489ed21fcca996e119afe1e5163"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5435: Integer overflows in curl_url_set",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae65389c96796d30251ace6eb631de7"
},
{
"title": "Arch Linux Advisories: [ASA-201905-16] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-16"
},
{
"title": "Debian Security Advisories: DSA-4633-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=13ee33e4932409d819a833a7d96f2574"
},
{
"title": "Arch Linux Advisories: [ASA-201905-12] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-12"
},
{
"title": "Arch Linux Advisories: [ASA-201905-11] libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-11"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1233",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1233"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-5436"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1233",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1233"
},
{
"title": "Arch Linux Advisories: [ASA-201905-15] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-15"
},
{
"title": "Arch Linux Advisories: [ASA-201905-14] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-14"
},
{
"title": "Arch Linux Advisories: [ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-13"
},
{
"title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203194 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5436"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2020/feb/36"
},
{
"trust": 1.8,
"url": "https://curl.haxx.se/docs/cve-2019-5436.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190606-0004/"
},
{
"trust": 1.8,
"url": "https://support.f5.com/csp/article/k55133295"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4633"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202003-29"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/09/11/6"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/108435"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5436"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/3993-2"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/3993-1"
},
{
"trust": 0.6,
"url": "https://seclists.org/oss-sec/2019/q2/124"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-5436cve-2019-5436curl:tftpreceiveheapbufferoverflowintftp_receive_packet()function"
},
{
"trust": 0.6,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108041"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/3993-1/"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00036.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156523/debian-security-advisory-4633-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143490"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2593/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153003/ubuntu-security-notice-usn-3993-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2033/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1874/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0651/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4780/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-multiple-vulnerabilities-29382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4380/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1837/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/153051/slackware-security-advisory-curl-updates.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157425/red-hat-security-advisory-2020-1792-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1494/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1177/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156753/gentoo-linux-security-advisory-202003-29.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158035/red-hat-security-advisory-2020-2505-01.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2505"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60232"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3993-2/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5435"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3993-1"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1792"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1020"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "PACKETSTORM",
"id": "153051"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-156871"
},
{
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"db": "PACKETSTORM",
"id": "153051"
},
{
"db": "PACKETSTORM",
"id": "153003"
},
{
"db": "PACKETSTORM",
"id": "158035"
},
{
"db": "PACKETSTORM",
"id": "156523"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "157425"
},
{
"db": "PACKETSTORM",
"id": "156986"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-28T00:00:00",
"db": "VULHUB",
"id": "VHN-156871"
},
{
"date": "2019-05-28T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"date": "2019-05-23T16:31:30",
"db": "PACKETSTORM",
"id": "153051"
},
{
"date": "2019-05-22T14:39:56",
"db": "PACKETSTORM",
"id": "153003"
},
{
"date": "2020-06-11T16:34:00",
"db": "PACKETSTORM",
"id": "158035"
},
{
"date": "2020-02-25T15:20:44",
"db": "PACKETSTORM",
"id": "156523"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2020-04-28T20:19:57",
"db": "PACKETSTORM",
"id": "157425"
},
{
"date": "2020-03-31T19:42:22",
"db": "PACKETSTORM",
"id": "156986"
},
{
"date": "2019-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"date": "2019-05-28T19:29:06.127000",
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-156871"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-5436"
},
{
"date": "2019-06-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004875"
},
{
"date": "2021-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-933"
},
{
"date": "2023-11-07T03:11:35.247000",
"db": "NVD",
"id": "CVE-2019-5436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004875"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-933"
}
],
"trust": 0.6
}
}
VAR-202012-1279
Vulnerability from variot - Updated: 2024-07-23 19:37curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl Contains a certificate validation vulnerability.Information may be tampered with. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary:
Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
- NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)
-
Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
-
Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)
-
Previously, the PVCs could not be provisioned as the
rook-ceph-mdsdid not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument--public-addr=podIPis added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) -
Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the
mds_cache_memory_limitargument during upgrades. With this update, themds_cache_memory_limitargument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) -
Previously, the coredumps were not generated in the correct location as rook was setting the config option
log_fileto an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of thelog_fileto build the dump path. With this update, rook does not set thelog_fileand keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under/var/log/ceph/. (BZ#1938049) -
Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)
-
Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)
All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
- References:
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Bugs fixed (https://bugzilla.redhat.com/):
1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 1971445 - Release of OpenShift Serverless Serving 1.16.0 1971448 - Release of OpenShift Serverless Eventing 1.16.0
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Security:
-
fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
-
fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
-
nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
-
redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
-
redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-
-u- extension (CVE-2020-28851)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
-
oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
-
redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
nodejs-lodash: command injection via template (CVE-2021-23337)
-
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
-
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
-
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
-
nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
-
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
-
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
-
nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
-
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
-
normalize-url: ReDoS for data URLs (CVE-2021-33502)
-
nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
-
html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
-
openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Bugs:
-
RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
-
cluster became offline after apiserver health check (BZ# 1942589)
-
Bugs fixed (https://bugzilla.redhat.com/):
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave
Security Update 2021-003 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212327.
APFS Available for: macOS Mojave Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann
Audio Available for: macOS Mojave Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Available for: macOS Mojave Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher
CoreAudio Available for: macOS Mojave Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics Available for: macOS Mojave Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University
CoreText Available for: macOS Mojave Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx
curl Available for: macOS Mojave Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher
DiskArbitration Available for: macOS Mojave Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu
FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro
FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher
Foundation Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga
ImageIO Available for: macOS Mojave Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security
Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Mojave Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Kernel Available for: macOS Mojave Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr
Kernel Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr
Kernel Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
libxpc Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins
libxslt Available for: macOS Mojave Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz
NSRemoteView Available for: macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome
Preferences Available for: macOS Mojave Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
smbx Available for: macOS Mojave Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)
Tailspin Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications
tcpdump Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher
Time Machine Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
Wi-Fi Available for: macOS Mojave Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
wifivelocityd Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb)
Windows Server Available for: macOS Mojave Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6 jjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q /ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s I5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4 oVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt xrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a UhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk rf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT ITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu s1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1 k/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L I/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE= =NZ77 -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-14
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: December 23, 2020 Bugs: #737990, #759259 ID: 202012-14
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in information disclosure or data loss.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.74.0 >= 7.74.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.74.0"
References
[ 1 ] CVE-2020-8231 https://nvd.nist.gov/vuln/detail/CVE-2020-8231 [ 2 ] CVE-2020-8284 https://nvd.nist.gov/vuln/detail/CVE-2020-8284 [ 3 ] CVE-2020-8285 https://nvd.nist.gov/vuln/detail/CVE-2020-8285 [ 4 ] CVE-2020-8286 https://nvd.nist.gov/vuln/detail/CVE-2020-8286
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-14
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq
Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163
Multiple vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2020-8169
Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).
CVE-2020-8177
sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.
CVE-2020-8231
Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.
CVE-2020-8284
Varnavas Papaioannou reported that a malicious server could use the
PASV response to trick curl into connecting back to an arbitrary IP
address and port, potentially making curl extract information about
services that are otherwise private and not disclosed.
CVE-2020-8285
xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).
CVE-2020-8286
It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.
CVE-2021-22876
Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.
CVE-2021-22890
Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,
libcurl could confuse session tickets arriving from the HTTPS proxy
as if they arrived from the remote server instead. This could allow
an HTTPS proxy to trick libcurl into using the wrong session ticket
for the host and thereby circumvent the server TLS certificate check.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.
We recommend that you upgrade your curl packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.74.0"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "hci bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "simatic tim 1531 irc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "tim 1531 irc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.74.0",
"versionStartIncluding": "7.41.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.3",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_tim_1531_irc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
}
],
"trust": 1.0
},
"cve": "CVE-2020-8286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-8286",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-186411",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-8286",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8286",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-755",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186411",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8286",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl Contains a certificate validation vulnerability.Information may be tampered with. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update\nAdvisory ID: RHSA-2021:2479-01\nProduct: Red Hat OpenShift Container Storage\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2479\nIssue date: 2021-06-17\nCVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708\n CVE-2019-3842 CVE-2019-9169 CVE-2019-13012\n CVE-2019-14866 CVE-2019-25013 CVE-2020-8231\n CVE-2020-8284 CVE-2020-8285 CVE-2020-8286\n CVE-2020-8927 CVE-2020-9948 CVE-2020-9951\n CVE-2020-9983 CVE-2020-13434 CVE-2020-13543\n CVE-2020-13584 CVE-2020-13776 CVE-2020-15358\n CVE-2020-24977 CVE-2020-25659 CVE-2020-25678\n CVE-2020-26116 CVE-2020-26137 CVE-2020-27618\n CVE-2020-27619 CVE-2020-27783 CVE-2020-28196\n CVE-2020-29361 CVE-2020-29362 CVE-2020-29363\n CVE-2020-36242 CVE-2021-3139 CVE-2021-3177\n CVE-2021-3326 CVE-2021-3449 CVE-2021-3450\n CVE-2021-3528 CVE-2021-20305 CVE-2021-23239\n CVE-2021-23240 CVE-2021-23336\n====================================================================\n1. Summary:\n\nUpdated images that fix one security issue and several bugs are now\navailable for Red Hat OpenShift Container Storage 4.6.5 on Red Hat\nEnterprise Linux 8 from Red Hat Container Registry. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25678\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2021-3139\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3528\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-23239\nhttps://access.redhat.com/security/cve/CVE-2021-23240\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND\nQ1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo\nFKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS\nv59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF\nHXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd\n6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN\nkAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC\nL+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG\nsIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz\nV144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO\nAQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT\nRCrstqAM5QQ=DHD0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion\n1971445 - Release of OpenShift Serverless Serving 1.16.0\n1971448 - Release of OpenShift Serverless Eventing 1.16.0\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave\n\nSecurity Update 2021-003 Mojave addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212327. \n\nAPFS\nAvailable for: macOS Mojave\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\n\nAudio\nAvailable for: macOS Mojave\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Mojave\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\ncurl\nAvailable for: macOS Mojave\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an\nanonymous researcher, and Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous\nresearcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin of Trend Micro\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27942: an anonymous researcher\n\nFoundation\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nImageIO\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1843: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nlibxpc\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nNSRemoteView\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Mojave\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nsmbx\nAvailable for: macOS Mojave\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nTailspin\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\ntcpdump\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWi-Fi\nAvailable for: macOS Mojave\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nwifivelocityd\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\nWindows Server\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6\njjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q\n/ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s\nI5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4\noVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt\nxrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a\nUhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk\nrf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT\nITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu\ns1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1\nk/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L\nI/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE=\n=NZ77\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202012-14\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: December 23, 2020\n Bugs: #737990, #759259\n ID: 202012-14\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in information disclosure or data loss. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.74.0 \u003e= 7.74.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.74.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8231\n https://nvd.nist.gov/vuln/detail/CVE-2020-8231\n[ 2 ] CVE-2020-8284\n https://nvd.nist.gov/vuln/detail/CVE-2020-8284\n[ 3 ] CVE-2020-8285\n https://nvd.nist.gov/vuln/detail/CVE-2020-8285\n[ 4 ] CVE-2020-8286\n https://nvd.nist.gov/vuln/detail/CVE-2020-8286\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202012-14\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMarch 30, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n Marek Szlagor reported that libcurl could be tricked into prepending\n a part of the password to the host name before it resolves it,\n potentially leaking the partial password over the network and to the\n DNS server(s). \n\nCVE-2020-8177\n\n sn reported that curl could be tricked by a malicious server into\n overwriting a local file when using th -J (--remote-header-name) and\n -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n Marc Aldorasi reported that libcurl might use the wrong connection\n when an application using libcurl\u0027s multi API sets the option\n CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8284\n\n Varnavas Papaioannou reported that a malicious server could use the\n PASV response to trick curl into connecting back to an arbitrary IP\n address and port, potentially making curl extract information about\n services that are otherwise private and not disclosed. \n\nCVE-2020-8285\n\n xnynx reported that libcurl could run out of stack space when using\n tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n It was reported that libcurl didn\u0027t verify that an OCSP response\n actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n Viktor Szakats reported that libcurl does not strip off user\n credentials from the URL when automatically populating the Referer\n HTTP request header field in outgoing HTTP requests. \n\nCVE-2021-22890\n\n Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,\n libcurl could confuse session tickets arriving from the HTTPS proxy\n as if they arrived from the remote server instead. This could allow\n an HTTPS proxy to trick libcurl into using the wrong session ticket\n for the host and thereby circumvent the server TLS certificate check. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "160706"
},
{
"db": "PACKETSTORM",
"id": "169015"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-186411",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8286",
"trust": 3.3
},
{
"db": "HACKERONE",
"id": "1048457",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-200951",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "160706",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95781418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162358",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160423",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162629",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.2180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0319",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1866",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2365",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1409.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3141",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4058",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4506",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1114",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1841",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0635",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2054",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042704",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051406",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072050",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092220",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052026",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062703",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164192",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-159-10",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162362",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162360",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186411",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169015",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "160706"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"id": "VAR-202012-1279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:37:06.068000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-200951",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"title": "HAXX libcurl Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=137265"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8286: Inferior OCSP verification",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b5024386b61af7dfe7d6777c542252"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-8286 log"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1693",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1693"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f387a8b703f2e28130691e84d6b3091f"
},
{
"title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "envoy_mtls",
"trust": 0.1,
"url": "https://github.com/salrashid123/envoy_mtls "
},
{
"title": "ecr-api",
"trust": 0.1,
"url": "https://github.com/yalespinup/ecr-api "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "Bad certificate verification (CWE-295) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://hackerone.com/reports/1048457"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212326"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212327"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/apr/50"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/apr/51"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2021/apr/54"
},
{
"trust": 1.7,
"url": "https://curl.se/docs/cve-2020-8286.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95781418/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libcurl-man-in-the-middle-via-inferior-ocsp-verification-34068"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1841"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0635"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-curl-libcurl-vulnerabilites-impacting-aspera-high-speed-transfer-server-aspera-high-speed-transfer-endpoint-aspera-desktop-client-4-0-and-earlier-cve-2020-8284-cve-2020-8286-c/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042615"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162629/red-hat-security-advisory-2021-1610-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061010"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052026"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160706/gentoo-linux-security-advisory-202012-14.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072050"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212327"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2471"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160423/ubuntu-security-notice-usn-4665-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1700"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4343/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-10"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0319/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072122"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2020-8284-cve-2020-8285-and-cve-2020-8286/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4364/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4506/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2054"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-qradar-analyst-workflow-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29477"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212327."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "160706"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "160706"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-186411"
},
{
"date": "2020-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"date": "2021-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"date": "2021-06-17T18:34:10",
"db": "PACKETSTORM",
"id": "163209"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-07-14T15:02:07",
"db": "PACKETSTORM",
"id": "163496"
},
{
"date": "2021-08-06T14:02:37",
"db": "PACKETSTORM",
"id": "163747"
},
{
"date": "2021-04-28T15:00:23",
"db": "PACKETSTORM",
"id": "162362"
},
{
"date": "2020-12-24T17:16:22",
"db": "PACKETSTORM",
"id": "160706"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169015"
},
{
"date": "2020-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-755"
},
{
"date": "2020-12-14T20:15:14.043000",
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-186411"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"date": "2021-08-17T09:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-755"
},
{
"date": "2024-03-27T15:47:53.600000",
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in Certificate Verification",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-755"
}
],
"trust": 0.6
}
}
VAR-202206-1961
Vulnerability from variot - Updated: 2024-07-23 19:33When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6159-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6159 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32208 ==================================================================== 1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: HTTP compression denial of service (CVE-2022-32206)
-
curl: FTP-KRB bad message verification (CVE-2022-32208)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-22.el8_6.4.src.rpm
aarch64: curl-7.61.1-22.el8_6.4.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-7.61.1-22.el8_6.4.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm
ppc64le: curl-7.61.1-22.el8_6.4.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm
s390x: curl-7.61.1-22.el8_6.4.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm curl-debugsource-7.61.1-22.el8_6.4.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-7.61.1-22.el8_6.4.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm libcurl-devel-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm
x86_64: curl-7.61.1-22.el8_6.4.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.4.i686.rpm curl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-7.61.1-22.el8_6.4.i686.rpm libcurl-7.61.1-22.el8_6.4.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.4.i686.rpm libcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+ YgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg EiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB dQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN blR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau 5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k nJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+ XPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd VaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas ML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw owX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF bBkTeh+fqsg=powM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
OpenShift sandboxed containers 1.3.1 is now available. Description:
OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime.
Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Bugs fixed (https://bugzilla.redhat.com/):
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor
- JIRA issues fixed (https://issues.jboss.org/):
KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1] KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1] KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]
- ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fixes:
- moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
-
Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
-
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
-
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
-
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
-
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
-
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
-
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
-
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
-
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
-
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
-
managed cluster is in "unknown" state for 120 mins after OADP restore
-
RHACM 2.5.2 images (BZ# 2104553)
-
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
-
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
-
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
-
cluster uninstall log points to incorrect container name (BZ# 2107359)
-
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
-
Single node checkbox not visible for 4.11 images (BZ# 2109134)
-
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
-
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
-
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
-
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
-
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions about installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
- Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
-
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
-
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
-
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1961",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.4"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.84.0",
"versionStartIncluding": "7.16.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168158"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "PACKETSTORM",
"id": "170741"
}
],
"trust": 0.6
},
"cve": "CVE-2022-32208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-424135",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-32208",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-424135",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: curl security update\nAdvisory ID: RHSA-2022:6159-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6159\nIssue date: 2022-08-24\nCVE Names: CVE-2022-32206 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8_6.4.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.i686.rpm\ncurl-debugsource-7.61.1-22.el8_6.4.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-devel-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-7.61.1-22.el8_6.4.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwa9b9zjgjWX9erEAQi1rQ/+Kw4R4cPAIlGUx4vJwSMw8zwCDxnLviV+\nYgCpaCuUwCkWI9hrAQNC1O5i2MSl7j8jI9dt0Oe770VwNIZPzJMK8MX96zYdeOsg\nEiuwTW5KTWKwCeAvPt6ydVji9R0N7FMDBxmdi1aE8gBt8J6pIwp4ozrR4jXiXCjB\ndQJlc2kf7YXDiengte1jpXNCFh2ar9t8lqmW53Hu05zR8VFdAPk6NM1kTIploICN\nblR9t80TbWouBvN2A6gIZ0ZWnbJOY9odCBHdo5ay8kufmQC0K9QKb7jyoaUUHVau\n5/HVbncd7bFQuyu+yGoOxU1TCxwee3B9LAmR4uzDdJcaTxPgvK2cyskdTVz+9N9k\nnJLDYGaL7UNC7YkbByN58VC6fdGsnn8QIXHg7ICTgdhYiPZ3uP5JUiDrAGKKb/v+\nXPtwYHuh6yX0OfS0JqFEMjR0P1rFLiuDNBOPBDiTV2mBVd+7kiNTs1izUDGwQeFd\nVaNNNU4kpD3FGOgRwxIAKz2qCX+Ody8goBeJJPGcVlmDp025ZrMisl1QC8/3eTas\nML+TSvTeaSY/I35uPzKsoh1f+/lAwUsB54I6NxHH3vWYryievuSdpjtNsQInACjw\nowX+pU5CfOwdD56Hqdhb7fjuJVufo6VC8b0zy/vSZYnNt0cfojXA73F3B1K5+XcF\nbBkTeh+fqsg=powM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nOpenShift sandboxed containers 1.3.1 is now available. Description:\n\nOpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime. \n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. Bugs fixed (https://bugzilla.redhat.com/):\n\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nKATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]\nKATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]\nKATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator\nKATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]\n\n6. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.5.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions about installing this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32208"
},
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "PACKETSTORM",
"id": "168158"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167661"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "PACKETSTORM",
"id": "170741"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32208",
"trust": 1.9
},
{
"db": "HACKERONE",
"id": "1590071",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167661",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168503",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168158",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168347",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168301",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-424135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170741",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "PACKETSTORM",
"id": "168158"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167661"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"id": "VAR-202206-1961",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:33:18.254000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1590071"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6159"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7058"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5499-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6507"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "PACKETSTORM",
"id": "168158"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167661"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "PACKETSTORM",
"id": "168158"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167661"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168289"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424135"
},
{
"date": "2022-08-25T15:25:12",
"db": "PACKETSTORM",
"id": "168158"
},
{
"date": "2022-10-20T14:21:57",
"db": "PACKETSTORM",
"id": "169443"
},
{
"date": "2022-07-01T14:59:23",
"db": "PACKETSTORM",
"id": "167661"
},
{
"date": "2022-06-28T15:26:16",
"db": "PACKETSTORM",
"id": "167607"
},
{
"date": "2022-09-14T15:08:07",
"db": "PACKETSTORM",
"id": "168378"
},
{
"date": "2022-09-07T17:09:04",
"db": "PACKETSTORM",
"id": "168289"
},
{
"date": "2022-09-26T15:37:32",
"db": "PACKETSTORM",
"id": "168503"
},
{
"date": "2023-01-26T15:29:09",
"db": "PACKETSTORM",
"id": "170741"
},
{
"date": "2022-07-07T13:15:08.467000",
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-424135"
},
{
"date": "2024-03-27T15:00:41.657000",
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167661"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2022-6159-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "168158"
}
],
"trust": 0.1
}
}
VAR-202104-0334
Vulnerability from variot - Updated: 2024-07-23 19:28curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876) A vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898). Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1] LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. 1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure 1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
- Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Summary:
The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. ========================================================================== Ubuntu Security Notice USN-4898-1 March 31, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
curl could be made to expose sensitive information over the network.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876)
Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: curl 7.68.0-1ubuntu4.3 libcurl3-gnutls 7.68.0-1ubuntu4.3 libcurl3-nss 7.68.0-1ubuntu4.3 libcurl4 7.68.0-1ubuntu4.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.5 libcurl3-gnutls 7.68.0-1ubuntu2.5 libcurl3-nss 7.68.0-1ubuntu2.5 libcurl4 7.68.0-1ubuntu2.5
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.13 libcurl3-gnutls 7.58.0-2ubuntu3.13 libcurl3-nss 7.58.0-2ubuntu3.13 libcurl4 7.58.0-2ubuntu3.13
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.19 libcurl3 7.47.0-1ubuntu2.19 libcurl3-gnutls 7.47.0-1ubuntu2.19 libcurl3-nss 7.47.0-1ubuntu2.19
In general, a standard system update will make all the necessary changes. Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ACS 3.67 security and enhancement update Advisory ID: RHSA-2021:4902-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:4902 Issue date: 2021-12-01 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 =====================================================================
- Summary:
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:
OpenShift Dedicated support
RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.
-
Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS.
-
Enhancements for CI outputs Red Hat has improved the usability of RHACS CI integrations. CI outputs now show additional detailed information about the vulnerabilities and the security policies responsible for broken builds.
-
Runtime Class policy criteria Users can now use RHACS to define the container runtime configuration that may be used to run a pod’s containers using the Runtime Class policy criteria.
Security Fix(es):
-
civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API (CVE-2020-27304)
-
nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
-
nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)
-
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
-
helm: information disclosure vulnerability (CVE-2021-32690)
-
golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fixes The release of RHACS 3.67 includes the following bug fixes:
-
Previously, when using RHACS with the Compliance Operator integration, RHACS did not respect or populate Compliance Operator TailoredProfiles. This has been fixed.
-
Previously, the Alpine Linux package manager (APK) in Image policy looked for the presence of apk package in the image rather than the apk-tools package. This issue has been fixed.
System changes The release of RHACS 3.67 includes the following system changes:
- Scanner now identifies vulnerabilities in Ubuntu 21.10 images.
- The Port exposure method policy criteria now include route as an exposure method.
- The OpenShift: Kubeadmin Secret Accessed security policy now allows the OpenShift Compliance Operator to check for the existence of the Kubeadmin secret without creating a violation.
- The OpenShift Compliance Operator integration now supports using TailoredProfiles.
- The RHACS Jenkins plugin now provides additional security information.
- When you enable the environment variable ROX_NETWORK_ACCESS_LOG for Central, the logs contain the Request URI and X-Forwarded-For header values.
- The default uid:gid pair for the Scanner image is now 65534:65534.
- RHACS adds a new default Scope Manager role that includes minimum permissions to create and modify access scopes.
- If microdnf is part of an image or shows up in process execution, RHACS reports it as a security violation for the Red Hat Package Manager in Image or the Red Hat Package Manager Execution security policies.
- In addition to manually uploading vulnerability definitions in offline mode, you can now upload definitions in online mode.
- You can now format the output of the following roxctl CLI commands in table, csv, or JSON format: image scan, image check & deployment check
-
You can now use a regular expression for the deployment name while specifying policy exclusions
-
Solution:
To take advantage of these new features, fixes and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.67.
- Bugs fixed (https://bugzilla.redhat.com/):
1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API
- JIRA issues fixed (https://issues.jboss.org/):
RHACS-65 - Release RHACS 3.67.0
- References:
https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-27304 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3801 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-32690 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr Kjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w tKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e lq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV x4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2 e8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK qnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz vguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt G4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT PTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/ pJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN T0pPNmsPGZY= =ux5P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.1.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "libcurl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.75.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.75.0",
"versionStartIncluding": "7.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165758"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22876",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22876",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-22876",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22876"
},
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. This could lead to exposure of the credentials to the server to which requests were redirected. (CVE-2021-22876)\nA vulnerability was found in curl where a flaw in the option parser for sending NEW_ENV variables libcurl can pass uninitialized data from a stack-based buffer to the server. The highest threat from this vulnerability is to confidentiality. (CVE-2021-22898). Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1775 - [release-5.2] Syslog output is serializing json incorrectly\nLOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing\nLOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]\nLOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. \n1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure\n1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. ==========================================================================\nUbuntu Security Notice USN-4898-1\nMarch 31, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\ncurl could be made to expose sensitive information over the network. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nViktor Szakats discovered that curl did not strip off user credentials\nfrom referrer header fields. A remote attacker could possibly use this\nissue to obtain sensitive information. (CVE-2021-22876)\n\nMingtao Yang discovered that curl incorrectly handled session tickets when\nusing an HTTPS proxy. A remote attacker in control of an HTTPS proxy could\nuse this issue to bypass certificate checks and intercept communications. \nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. \n(CVE-2021-22890)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n curl 7.68.0-1ubuntu4.3\n libcurl3-gnutls 7.68.0-1ubuntu4.3\n libcurl3-nss 7.68.0-1ubuntu4.3\n libcurl4 7.68.0-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.5\n libcurl3-gnutls 7.68.0-1ubuntu2.5\n libcurl3-nss 7.68.0-1ubuntu2.5\n libcurl4 7.68.0-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.13\n libcurl3-gnutls 7.58.0-2ubuntu3.13\n libcurl3-nss 7.58.0-2ubuntu3.13\n libcurl4 7.58.0-2ubuntu3.13\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.19\n libcurl3 7.47.0-1ubuntu2.19\n libcurl3-gnutls 7.47.0-1ubuntu2.19\n libcurl3-nss 7.47.0-1ubuntu2.19\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ACS 3.67 security and enhancement update\nAdvisory ID: RHSA-2021:4902-01\nProduct: RHACS\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4902\nIssue date: 2021-12-01\nCVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 \n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 \n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 \n CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 \n CVE-2020-16135 CVE-2020-24370 CVE-2020-27304 \n CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 \n CVE-2021-3749 CVE-2021-3800 CVE-2021-3801 \n CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 \n CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 \n CVE-2021-23343 CVE-2021-23840 CVE-2021-23841 \n CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 \n CVE-2021-32690 CVE-2021-33560 CVE-2021-33574 \n CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 \n CVE-2021-36086 CVE-2021-36087 CVE-2021-39293 \n=====================================================================\n\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThe release of RHACS 3.67 provides the following new features, bug fixes,\nsecurity patches and system changes:\n\nOpenShift Dedicated support\n\nRHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on\nAmazon Web Services and Google Cloud Platform. \n\n1. Use OpenShift OAuth server as an identity provider\nIf you are using RHACS with OpenShift, you can now configure the built-in\nOpenShift OAuth server as an identity provider for RHACS. \n\n2. Enhancements for CI outputs\nRed Hat has improved the usability of RHACS CI integrations. CI outputs now\nshow additional detailed information about the vulnerabilities and the\nsecurity policies responsible for broken builds. \n\n3. Runtime Class policy criteria\nUsers can now use RHACS to define the container runtime configuration that\nmay be used to run a pod\u2019s containers using the Runtime Class policy\ncriteria. \n\nSecurity Fix(es):\n\n* civetweb: directory traversal when using the built-in example HTTP\nform-based file upload mechanism via the mg_handle_form_request API\n(CVE-2020-27304)\n\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n\n* nodejs-prismjs: ReDoS vulnerability (CVE-2021-3801)\n\n* golang: net: incorrect parsing of extraneous zero characters at the\nbeginning of an IP address octet (CVE-2021-29923)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\n* golang: archive/zip: malformed archive may cause panic or memory\nexhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fixes\nThe release of RHACS 3.67 includes the following bug fixes:\n\n1. Previously, when using RHACS with the Compliance Operator integration,\nRHACS did not respect or populate Compliance Operator TailoredProfiles. \nThis has been fixed. \n\n2. Previously, the Alpine Linux package manager (APK) in Image policy\nlooked for the presence of apk package in the image rather than the\napk-tools package. This issue has been fixed. \n\nSystem changes\nThe release of RHACS 3.67 includes the following system changes:\n\n1. Scanner now identifies vulnerabilities in Ubuntu 21.10 images. \n2. The Port exposure method policy criteria now include route as an\nexposure method. \n3. The OpenShift: Kubeadmin Secret Accessed security policy now allows the\nOpenShift Compliance Operator to check for the existence of the Kubeadmin\nsecret without creating a violation. \n4. The OpenShift Compliance Operator integration now supports using\nTailoredProfiles. \n5. The RHACS Jenkins plugin now provides additional security information. \n6. When you enable the environment variable ROX_NETWORK_ACCESS_LOG for\nCentral, the logs contain the Request URI and X-Forwarded-For header\nvalues. \n7. The default uid:gid pair for the Scanner image is now 65534:65534. \n8. RHACS adds a new default Scope Manager role that includes minimum\npermissions to create and modify access scopes. \n9. If microdnf is part of an image or shows up in process execution, RHACS\nreports it as a security violation for the Red Hat Package Manager in Image\nor the Red Hat Package Manager Execution security policies. \n10. In addition to manually uploading vulnerability definitions in offline\nmode, you can now upload definitions in online mode. \n11. You can now format the output of the following roxctl CLI commands in\ntable, csv, or JSON format: image scan, image check \u0026 deployment check\n12. You can now use a regular expression for the deployment name while\nspecifying policy exclusions\n\n3. Solution:\n\nTo take advantage of these new features, fixes and changes, please upgrade\nRed Hat Advanced Cluster Security for Kubernetes to version 3.67. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2005445 - CVE-2021-3801 nodejs-prismjs: ReDoS vulnerability\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2016640 - CVE-2020-27304 civetweb: directory traversal when using the built-in example HTTP form-based file upload mechanism via the mg_handle_form_request API\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-65 - Release RHACS 3.67.0\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-27304\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-3801\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-23343\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-29923\nhttps://access.redhat.com/security/cve/CVE-2021-32690\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-39293\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYafeGdzjgjWX9erEAQgZ8Q/9H5ov4ZfKZszdJu0WvRMetEt6DMU2RTZr\nKjv4h4FnmsMDYYDocnkFvsRjcpdGxtoUShAqD6+FrTNXjPtA/v1tsQTJzhg4o50w\ntKa9T4aHfrYXjGvWgQXJJEGmGaYMYePUOv77x6pLfMB+FmgfOtb8kzOdNzAtqX3e\nlq8b2DrQuPSRiWkUgFM2hmS7OtUsqTIShqWu67HJdOY74qDN4DGp7GnG6inCrUjV\nx4/4X5Fb7JrAYiy57C5eZwYW61HmrG7YHk9SZTRYgRW0rfgLncVsny4lX1871Ch2\ne8ttu0EJFM1EJyuCJwJd1Q+rhua6S1VSY+etLUuaYme5DtvozLXQTLUK31qAq/hK\nqnLYQjaSieea9j1dV6YNHjnvV0XGczyZYwzmys/CNVUxwvSHr1AJGmQ3zDeOt7Qz\nvguWmPzyiob3RtHjfUlUpPYeI6HVug801YK6FAoB9F2BW2uHVgbtKOwG5pl5urJt\nG4taizPtH8uJj5hem5nHnSE1sVGTiStb4+oj2LQonRkgLQ2h7tsX8Z8yWM/3TwUT\nPTBX9AIHwt8aCx7XxTeEIs0H9B1T9jYfy06o9H2547un9sBoT0Sm7fqKuJKic8N/\npJ2kXBiVJ9B4G+JjWe8rh1oC1yz5Q5/5HZ19VYBjHhYEhX4s9s2YsF1L1uMoT3NN\nT0pPNmsPGZY=\n=ux5P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22876"
},
{
"db": "VULMON",
"id": "CVE-2021-22876"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "162116"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165758"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22876",
"trust": 2.0
},
{
"db": "HACKERONE",
"id": "1101882",
"trust": 1.0
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.0
},
{
"db": "VULMON",
"id": "CVE-2021-22876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165288",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164886",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162116",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165129",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165758",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22876"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "162116"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165758"
},
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"id": "VAR-202104-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-07-23T19:28:46.447000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22876",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=dc9338ed355a659e53e38756033db037"
},
{
"title": "Red Hat: Moderate: rh-dotnet31-curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221354 - security advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1509",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1509"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1653",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1653"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-22876 log"
},
{
"title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
},
{
"title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220434 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220318 - security advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220842 - security advisory"
},
{
"title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221081 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220580 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220856 - security advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221396 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "clair-client",
"trust": 0.1,
"url": "https://github.com/indece-official/clair-client "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22876"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.0,
"url": "https://curl.se/docs/cve-2021-22876.html"
},
{
"trust": 1.0,
"url": "https://hackerone.com/reports/1101882"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"trust": 1.0,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5129"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22817"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1396"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4898-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4903-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distr_tracing_install/distr-tracing-updating.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0318"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3426"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "162116"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165758"
},
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22876"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
},
{
"db": "PACKETSTORM",
"id": "164886"
},
{
"db": "PACKETSTORM",
"id": "166789"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "162116"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165129"
},
{
"db": "PACKETSTORM",
"id": "165758"
},
{
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22876"
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287"
},
{
"date": "2021-12-15T15:22:36",
"db": "PACKETSTORM",
"id": "165288"
},
{
"date": "2021-11-10T17:12:32",
"db": "PACKETSTORM",
"id": "164886"
},
{
"date": "2022-04-20T15:12:33",
"db": "PACKETSTORM",
"id": "166789"
},
{
"date": "2021-03-31T14:30:52",
"db": "PACKETSTORM",
"id": "162037"
},
{
"date": "2021-04-07T20:09:46",
"db": "PACKETSTORM",
"id": "162116"
},
{
"date": "2022-02-18T16:37:39",
"db": "PACKETSTORM",
"id": "166051"
},
{
"date": "2021-12-02T16:06:16",
"db": "PACKETSTORM",
"id": "165129"
},
{
"date": "2022-01-28T14:33:13",
"db": "PACKETSTORM",
"id": "165758"
},
{
"date": "2021-04-01T18:15:12.823000",
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22876"
},
{
"date": "2024-03-27T15:47:49.590000",
"db": "NVD",
"id": "CVE-2021-22876"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "162116"
},
{
"db": "PACKETSTORM",
"id": "165129"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-5127-05",
"sources": [
{
"db": "PACKETSTORM",
"id": "165287"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "165288"
}
],
"trust": 0.2
}
}
VAR-202107-1361
Vulnerability from variot - Updated: 2024-07-23 19:28fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. 8.1) - ppc64le, x86_64
- Description:
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7.7) - ppc64, ppc64le, x86_64
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Bug Fix(es):
-
[RHEL7.9.z] n_tty_open: "BUG: unable to handle kernel paging request" (BZ#1872778)
-
[ESXi][RHEL7.8]"qp_alloc_hypercall result = -20" / "Could not attach to queue pair with -20" with vSphere Fault Tolerance enabled (BZ#1892237)
-
[RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP (BZ#1910395)
-
False-positive hard lockup detected while processing the thread state information (SysRq-T) (BZ#1912221)
-
RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci) (BZ#1917943)
-
The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console (BZ#1924688)
-
nvme hangs when trying to allocate reserved tag (BZ#1926825)
-
[REGRESSION] "call into AER handling regardless of severity" triggers do_recovery() unnecessarily on correctable PCIe errors (BZ#1933663)
-
Module nvme_core: A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793)
-
sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000! (BZ#1953052)
-
[Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed (BZ#1953075)
-
Kernel panic at cgroup_is_descendant (BZ#1957719)
-
[Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803)
-
IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339)
-
[CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1960193)
-
mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406)
-
incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner() (BZ#1965495)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):
1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function 1961300 - CVE-2021-33033 kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1160.36.2.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source: kernel-3.10.0-1160.36.2.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1160.36.2.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
ppc64: bpftool-3.10.0-1160.36.2.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm kernel-devel-3.10.0-1160.36.2.el7.ppc64.rpm kernel-headers-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.ppc64.rpm perf-3.10.0-1160.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1160.36.2.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-devel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-headers-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.ppc64le.rpm perf-3.10.0-1160.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1160.36.2.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.36.2.el7.s390x.rpm kernel-devel-3.10.0-1160.36.2.el7.s390x.rpm kernel-headers-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.36.2.el7.s390x.rpm perf-3.10.0-1160.36.2.el7.s390x.rpm perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm python-perf-3.10.0-1160.36.2.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm
x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1160.36.2.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.36.2.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm perf-3.10.0-1160.36.2.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-3.10.0-1160.36.2.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Bug Fix(es):
-
xfs umount hangs in xfs_wait_buftarg() due to negative bt_io_count (BZ#1949916)
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Bug Fix(es):
-
kernel-rt: update RT source tree to the RHEL-8.3.z source tree (BZ#1957359)
-
Placeholder bug for OCP 4.7.0 rpm release (BZ#1983534)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.8.2 bug fix and security update Advisory ID: RHSA-2021:2438-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2438 Issue date: 2021-07-27 CVE Names: CVE-2016-2183 CVE-2020-7774 CVE-2020-15106 CVE-2020-15112 CVE-2020-15113 CVE-2020-15114 CVE-2020-15136 CVE-2020-26160 CVE-2020-26541 CVE-2020-28469 CVE-2020-28500 CVE-2020-28852 CVE-2021-3114 CVE-2021-3121 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3636 CVE-2021-20206 CVE-2021-20271 CVE-2021-20291 CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 CVE-2021-21640 CVE-2021-21648 CVE-2021-22133 CVE-2021-23337 CVE-2021-23362 CVE-2021-23368 CVE-2021-23382 CVE-2021-25735 CVE-2021-25737 CVE-2021-26539 CVE-2021-26540 CVE-2021-27292 CVE-2021-28092 CVE-2021-29059 CVE-2021-29622 CVE-2021-32399 CVE-2021-33034 CVE-2021-33194 CVE-2021-33909 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2437
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel ease-notes.html
Security Fix(es):
-
SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
-
etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)
-
etcd: DoS in wal/wal.go (CVE-2020-15112)
-
etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113)
-
etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114)
-
etcd: no authentication is performed against endpoints provided in the
-
--endpoints flag (CVE-2020-15136)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
-
containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
-
containers/storage: DoS via malicious image (CVE-2021-20291)
-
prometheus: open redirect under the /new endpoint (CVE-2021-29622)
-
golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
-
go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133)
Space precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64
The image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x
The image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le
The image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f
All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1725981 - oc explain does not work well with full resource.group names
1747270 - [osp] Machine with name "-worker"couldn't join the cluster
1772993 - rbd block devices attached to a host are visible in unprivileged container pods
1786273 - [4.6] KAS pod logs show "error building openapi models ... has invalid property: anyOf" for CRDs
1786314 - [IPI][OSP] Install fails on OpenStack with self-signed certs unless the node running the installer has the CA cert in its system trusts
1801407 - Router in v4v6 mode puts brackets around IPv4 addresses in the Forwarded header
1812212 - ArgoCD example application cannot be downloaded from github
1817954 - [ovirt] Workers nodes are not numbered sequentially
1824911 - PersistentVolume yaml editor is read-only with system:persistent-volume-provisioner ClusterRole
1825219 - openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server"
1825417 - The containerruntimecontroller doesn't roll back to CR-1 if we delete CR-2
1834551 - ClusterOperatorDown fires when operator is only degraded; states will block upgrades
1835264 - Intree provisioner doesn't respect PVC.spec.dataSource sometimes
1839101 - Some sidebar links in developer perspective don't follow same project
1840881 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes
1846875 - Network setup test high failure rate
1848151 - Console continues to poll the ClusterVersion resource when the user doesn't have authority
1850060 - After upgrading to 3.11.219 timeouts are appearing.
1852637 - Kubelet sets incorrect image names in node status images section
1852743 - Node list CPU column only show usage
1853467 - container_fs_writes_total is inconsistent with CPU/memory in summarizing cgroup values
1857008 - [Edge] [BareMetal] Not provided STATE value for machines
1857477 - Bad helptext for storagecluster creation
1859382 - check-endpoints panics on graceful shutdown
1862084 - Inconsistency of time formats in the OpenShift web-console
1864116 - Cloud credential operator scrolls warnings about unsupported platform
1866222 - Should output all options when runing operator-sdk init --help
1866318 - [RHOCS Usability Study][Dashboard] Users found it difficult to navigate to the OCS dashboard
1866322 - [RHOCS Usability Study][Dashboard] Alert details page does not help to explain the Alert
1866331 - [RHOCS Usability Study][Dashboard] Users need additional tooltips or definitions
1868755 - [vsphere] terraform provider vsphereprivate crashes when network is unavailable on host
1868870 - CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions
1868872 - CVE-2020-15112 etcd: DoS in wal/wal.go
1868874 - CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS
1868880 - CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag
1868883 - CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method
1871303 - [sig-instrumentation] Prometheus when installed on the cluster should have important platform topology metrics
1871770 - [IPI baremetal] The Keepalived.conf file is not indented evenly
1872659 - ClusterAutoscaler doesn't scale down when a node is not needed anymore
1873079 - SSH to api and console route is possible when the clsuter is hosted on Openstack
1873649 - proxy.config.openshift.io should validate user inputs
1874322 - openshift/oauth-proxy: htpasswd using SHA1 to store credentials
1874931 - Accessibility - Keyboard shortcut to exit YAML editor not easily discoverable
1876918 - scheduler test leaves taint behind
1878199 - Remove Log Level Normalization controller in cluster-config-operator release N+1
1878655 - [aws-custom-region] creating manifests take too much time when custom endpoint is unreachable
1878685 - Ingress resource with "Passthrough" annotation does not get applied when using the newer "networking.k8s.io/v1" API
1879077 - Nodes tainted after configuring additional host iface
1879140 - console auth errors not understandable by customers
1879182 - switch over to secure access-token logging by default and delete old non-sha256 tokens
1879184 - CVO must detect or log resource hotloops
1879495 - [4.6] namespace \“openshift-user-workload-monitoring\” does not exist”
1879638 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string
1879944 - [OCP 4.8] Slow PV creation with vsphere
1880757 - AWS: master not removed from LB/target group when machine deleted
1880758 - Component descriptions in cloud console have bad description (Managed by Terraform)
1881210 - nodePort for router-default metrics with NodePortService does not exist
1881481 - CVO hotloops on some service manifests
1881484 - CVO hotloops on deployment manifests
1881514 - CVO hotloops on imagestreams from cluster-samples-operator
1881520 - CVO hotloops on (some) clusterrolebindings
1881522 - CVO hotloops on clusterserviceversions packageserver
1881662 - Error getting volume limit for plugin kubernetes.io/ in kubelet logs
1881694 - Evidence of disconnected installs pulling images from the local registry instead of quay.io
1881938 - migrator deployment doesn't tolerate masters
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883587 - No option for user to select volumeMode
1883993 - Openshift 4.5.8 Deleting pv disk vmdk after delete machine
1884053 - cluster DNS experiencing disruptions during cluster upgrade in insights cluster
1884800 - Failed to set up mount unit: Invalid argument
1885186 - Removing ssh keys MC does not remove the key from authorized_keys
1885349 - [IPI Baremetal] Proxy Information Not passed to metal3
1885717 - activeDeadlineSeconds DeadlineExceeded does not show terminated container statuses
1886572 - auth: error contacting auth provider when extra ingress (not default) goes down
1887849 - When creating new storage class failure_domain is missing.
1888712 - Worker nodes do not come up on a baremetal IPI deployment with control plane network configured on a vlan on top of bond interface due to Pending CSRs
1889689 - AggregatedAPIErrors alert may never fire
1890678 - Cypress: Fix 'structure' accesibility violations
1890828 - Intermittent prune job failures causing operator degradation
1891124 - CP Conformance: CRD spec and status failures
1891301 - Deleting bmh by "oc delete bmh' get stuck
1891696 - [LSO] Add capacity UI does not check for node present in selected storageclass
1891766 - [LSO] Min-Max filter's from OCS wizard accepts Negative values and that cause PV not getting created
1892642 - oauth-server password metrics do not appear in UI after initial OCP installation
1892718 - HostAlreadyClaimed: The new route cannot be loaded with a new api group version
1893850 - Add an alert for requests rejected by the apiserver
1893999 - can't login ocp cluster with oc 4.7 client without the username
1895028 - [gcp-pd-csi-driver-operator] Volumes created by CSI driver are not deleted on cluster deletion
1895053 - Allow builds to optionally mount in cluster trust stores
1896226 - recycler-pod template should not be in kubelet static manifests directory
1896321 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1896751 - [RHV IPI] Worker nodes stuck in the Provisioning Stage if the machineset has a long name
1897415 - [Bare Metal - Ironic] provide the ability to set the cipher suite for ipmitool when doing a Bare Metal IPI install
1897621 - Auth test.Login test.logs in as kubeadmin user: Timeout
1897918 - [oVirt] e2e tests fail due to kube-apiserver not finishing
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1899057 - fix spurious br-ex MAC address error log
1899187 - [Openstack] node-valid-hostname.service failes during the first boot leading to 5 minute provisioning delay
1899587 - [External] RGW usage metrics shown on Object Service Dashboard is incorrect
1900454 - Enable host-based disk encryption on Azure platform
1900819 - Scaled ingress replicas following sharded pattern don't balance evenly across multi-AZ
1901207 - Search Page - Pipeline resources table not immediately updated after Name filter applied or removed
1901535 - Remove the managingOAuthAPIServer field from the authentication.operator API
1901648 - "do you need to set up custom dns" tooltip inaccurate
1902003 - Jobs Completions column is not sorting when there are "0 of 1" and "1 of 1" in the list.
1902076 - image registry operator should monitor status of its routes
1902247 - openshift-oauth-apiserver apiserver pod crashloopbackoffs
1903055 - [OSP] Validation should fail when no any IaaS flavor or type related field are given
1903228 - Pod stuck in Terminating, runc init process frozen
1903383 - Latest RHCOS 47.83. builds failing to install: mount /root.squashfs failed
1903553 - systemd container renders node NotReady after deleting it
1903700 - metal3 Deployment doesn't have unique Pod selector
1904006 - The --dir option doest not work for command oc image extract
1904505 - Excessive Memory Use in Builds
1904507 - vsphere-problem-detector: implement missing metrics
1904558 - Random init-p error when trying to start pod
1905095 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests
1905147 - ConsoleQuickStart Card's prerequisites is a combined text instead of a list
1905159 - Installation on previous unused dasd fails after formatting
1905331 - openshift-multus initContainer multus-binary-copy, etc. are not requesting required resources: cpu, memory
1905460 - Deploy using virtualmedia for disabled provisioning network on real BM(HPE) fails
1905577 - Control plane machines not adopted when provisioning network is disabled
1905627 - Warn users when using an unsupported browser such as IE
1905709 - Machine API deletion does not properly handle stopped instances on AWS or GCP
1905849 - Default volumesnapshotclass should be created when creating default storageclass
1906056 - Bundles skipped via the skips field cannot be pinned
1906102 - CBO produces standard metrics
1906147 - ironic-rhcos-downloader should not use --insecure
1906304 - Unexpected value NaN parsing x/y attribute when viewing pod Memory/CPU usage chart
1906740 - [aws]Machine should be "Failed" when creating a machine with invalid region
1907309 - Migrate controlflow v1alpha1 to v1beta1 in storage
1907315 - the internal load balancer annotation for AWS should use "true" instead of "0.0.0.0/0" as value
1907353 - [4.8] OVS daemonset is wasting resources even though it doesn't do anything
1907614 - Update kubernetes deps to 1.20
1908068 - Enable DownwardAPIHugePages feature gate
1908169 - The example of Import URL is "Fedora cloud image list" for all templates.
1908170 - sriov network resource injector: Hugepage injection doesn't work with mult container
1908343 - Input labels in Manage columns modal should be clickable
1908378 - [sig-network] pods should successfully create sandboxes by getting pod - Static Pod Failures
1908655 - "Evaluating rule failed" for "record: node:node_num_cpu:sum" rule
1908762 - [Dualstack baremetal cluster] multicast traffic is not working on ovn-kubernetes
1908765 - [SCALE] enable OVN lflow data path groups
1908774 - [SCALE] enable OVN DB memory trimming on compaction
1908916 - CNO: turn on OVN DB RAFT diffs once all master DB pods are capable of it
1909091 - Pod/node/ip/template isn't showing when vm is running
1909600 - Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error
1909849 - release-openshift-origin-installer-e2e-aws-upgrade-fips-4.4 is perm failing
1909875 - [sig-cluster-lifecycle] Cluster version operator acknowledges upgrade : timed out waiting for cluster to acknowledge upgrade
1910067 - UPI: openstacksdk fails on "server group list"
1910113 - periodic-ci-openshift-release-master-ocp-4.5-ci-e2e-44-stable-to-45-ci is never passing
1910318 - OC 4.6.9 Installer failed: Some pods are not scheduled: 3 node(s) didn't match node selector: AWS compute machines without status
1910378 - socket timeouts for webservice communication between pods
1910396 - 4.6.9 cred operator should back-off when provisioning fails on throttling
1910500 - Could not list CSI provisioner on web when create storage class on GCP platform
1911211 - Should show the cert-recovery-controller version correctly
1911470 - ServiceAccount Registry Authfiles Do Not Contain Entries for Public Hostnames
1912571 - libvirt: Support setting dnsmasq options through the install config
1912820 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade
1913112 - BMC details should be optional for unmanaged hosts
1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
1913341 - GCP: strange cluster behavior in CI run
1913399 - switch to v1beta1 for the priority and fairness APIs
1913525 - Panic in OLM packageserver when invoking webhook authorization endpoint
1913532 - After a 4.6 to 4.7 upgrade, a node went unready
1913974 - snapshot test periodically failing with "can't open '/mnt/test/data': No such file or directory"
1914127 - Deletion of oc get svc router-default -n openshift-ingress hangs
1914446 - openshift-service-ca-operator and openshift-service-ca pods run as root
1914994 - Panic observed in k8s-prometheus-adapter since k8s 1.20
1915122 - Size of the hostname was preventing proper DNS resolution of the worker node names
1915693 - Not able to install gpu-operator on cpumanager enabled node.
1915971 - Role and Role Binding breadcrumbs do not work as expected
1916116 - the left navigation menu would not be expanded if repeat clicking the links in Overview page
1916118 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall
1916392 - scrape priority and fairness endpoints for must-gather
1916450 - Alertmanager: add title and text fields to Adv. config. section of Slack Receiver form
1916489 - [sig-scheduling] SchedulerPriorities [Serial] fails with "Error waiting for 1 pods to be running - probably a timeout: Timeout while waiting for pods with labels to be ready"
1916553 - Default template's description is empty on details tab
1916593 - Destroy cluster sometimes stuck in a loop
1916872 - need ability to reconcile exgw annotations on pod add
1916890 - [OCP 4.7] api or api-int not available during installation
1917241 - [en_US] The tooltips of Created date time is not easy to read in all most of UIs.
1917282 - [Migration] MCO stucked for rhel worker after enable the migration prepare state
1917328 - It should default to current namespace when create vm from template action on details page
1917482 - periodic-ci-openshift-release-master-ocp-4.7-e2e-metal-ipi failing with "cannot go from state 'deploy failed' to state 'manageable'"
1917485 - [oVirt] ovirt machine/machineset object has missing some field validations
1917667 - Master machine config pool updates are stalled during the migration from SDN to OVNKube.
1917906 - [oauth-server] bump k8s.io/apiserver to 1.20.3
1917931 - [e2e-gcp-upi] failing due to missing pyopenssl library
1918101 - [vsphere]Delete Provisioning machine took about 12 minutes
1918376 - Image registry pullthrough does not support ICSP, mirroring e2es do not pass
1918442 - Service Reject ACL does not work on dualstack
1918723 - installer fails to write boot record on 4k scsi lun on s390x
1918729 - Add hide/reveal button for the token field in the KMS configuration page
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
1918785 - Pod request and limit calculations in console are incorrect
1918910 - Scale from zero annotations should not requeue if instance type missing
1919032 - oc image extract - will not extract files from image rootdir - "error: unexpected directory from mapping tests.test"
1919048 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0
1919151 - [Azure] dnsrecords with invalid domain should not be published to Azure dnsZone
1919168 - oc adm catalog mirror doesn't work for the air-gapped cluster
1919291 - [Cinder-csi-driver] Filesystem did not expand for on-line volume resize
1919336 - vsphere-problem-detector should check if datastore is part of datastore cluster
1919356 - Add missing profile annotation in cluster-update-keys manifests
1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
1919398 - Permissive Egress NetworkPolicy (0.0.0.0/0) is blocking all traffic
1919406 - OperatorHub filter heading "Provider Type" should be "Source"
1919737 - hostname lookup delays when master node down
1920209 - Multus daemonset upgrade takes the longest time in the cluster during an upgrade
1920221 - GCP jobs exhaust zone listing query quota sometimes due to too many initializations of cloud provider in tests
1920300 - cri-o does not support configuration of stream idle time
1920307 - "VM not running" should be "Guest agent required" on vm details page in dev console
1920532 - Problem in trying to connect through the service to a member that is the same as the caller.
1920677 - Various missingKey errors in the devconsole namespace
1920699 - Operation cannot be fulfilled on clusterresourcequotas.quota.openshift.io error when creating different OpenShift resources
1920901 - [4.7]"500 Internal Error" for prometheus route in https_proxy cluster
1920903 - oc adm top reporting unknown status for Windows node
1920905 - Remove DNS lookup workaround from cluster-api-provider
1921106 - A11y Violation: button name(s) on Utilization Card on Cluster Dashboard
1921184 - kuryr-cni binds to wrong interface on machine with two interfaces
1921227 - Fix issues related to consuming new extensions in Console static plugins
1921264 - Bundle unpack jobs can hang indefinitely
1921267 - ResourceListDropdown not internationalized
1921321 - SR-IOV obliviously reboot the node
1921335 - ThanosSidecarUnhealthy
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921720 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel]
1921763 - operator registry has high memory usage in 4.7... cleanup row closes
1921778 - Push to stage now failing with semver issues on old releases
1921780 - Search page not fully internationalized
1921781 - DefaultList component not internationalized
1921878 - [kuryr] Egress network policy with namespaceSelector in Kuryr behaves differently than in OVN-Kubernetes
1921885 - Server-side Dry-run with Validation Downloads Entire OpenAPI spec often
1921892 - MAO: controller runtime manager closes event recorder
1921894 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated
1921937 - During upgrade /etc/hostname becomes a directory, nodes are set with kubernetes.io/hostname=localhost label
1921953 - ClusterServiceVersion property inference does not infer package and version
1922063 - "Virtual Machine" should be "Templates" in template wizard
1922065 - Rootdisk size is default to 15GiB in customize wizard
1922235 - [build-watch] e2e-aws-upi - e2e-aws-upi container setup failing because of Python code version mismatch
1922264 - Restore snapshot as a new PVC: RWO/RWX access modes are not click-able if parent PVC is deleted
1922280 - [v2v] on the upstream release, In VM import wizard I see RHV but no oVirt
1922646 - Panic in authentication-operator invoking webhook authorization
1922648 - FailedCreatePodSandBox due to "failed to pin namespaces [uts]: [pinns:e]: /var/run/utsns exists and is not a directory: File exists"
1922764 - authentication operator is degraded due to number of kube-apiservers
1922992 - some button text on YAML sidebar are not translated
1922997 - [Migration]The SDN migration rollback failed.
1923038 - [OSP] Cloud Info is loaded twice
1923157 - Ingress traffic performance drop due to NodePort services
1923786 - RHV UPI fails with unhelpful message when ASSET_DIR is not set.
1923811 - Registry claims Available=True despite .status.readyReplicas == 0 while .spec.replicas == 2
1923847 - Error occurs when creating pods if configuring multiple key-only labels in default cluster-wide node selectors or project-wide node selectors
1923984 - Incorrect anti-affinity for UWM prometheus
1924020 - panic: runtime error: index out of range [0] with length 0
1924075 - kuryr-controller restart when enablePortPoolsPrepopulation = true
1924083 - "Activity" Pane of Persistent Storage tab shows events related to Noobaa too
1924140 - [OSP] Typo in OPENSHFIT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS variable
1924171 - ovn-kube must handle single-stack to dual-stack migration
1924358 - metal UPI setup fails, no worker nodes
1924502 - Failed to start transient scope unit: Argument list too long / systemd[1]: Failed to set up mount unit: Invalid argument
1924536 - 'More about Insights' link points to support link
1924585 - "Edit Annotation" are not correctly translated in Chinese
1924586 - Control Plane status and Operators status are not fully internationalized
1924641 - [User Experience] The message "Missing storage class" needs to be displayed after user clicks Next and needs to be rephrased
1924663 - Insights operator should collect related pod logs when operator is degraded
1924701 - Cluster destroy fails when using byo with Kuryr
1924728 - Difficult to identify deployment issue if the destination disk is too small
1924729 - Create Storageclass for CephFS provisioner assumes incorrect default FSName in external mode (side-effect of fix for Bug 1878086)
1924747 - InventoryItem doesn't internationalize resource kind
1924788 - Not clear error message when there are no NADs available for the user
1924816 - Misleading error messages in ironic-conductor log
1924869 - selinux avc deny after installing OCP 4.7
1924916 - PVC reported as Uploading when it is actually cloning
1924917 - kuryr-controller in crash loop if IP is removed from secondary interfaces
1924953 - newly added 'excessive etcd leader changes' test case failing in serial job
1924968 - Monitoring list page filter options are not translated
1924983 - some components in utils directory not localized
1925017 - [UI] VM Details-> Network Interfaces, 'Name,' is displayed instead on 'Name'
1925061 - Prometheus backed by a PVC may start consuming a lot of RAM after 4.6 -> 4.7 upgrade due to series churn
1925083 - Some texts are not marked for translation on idp creation page.
1925087 - Add i18n support for the Secret page
1925148 - Shouldn't create the redundant imagestream when use oc new-app --name=testapp2 -i with exist imagestream
1925207 - VM from custom template - cloudinit disk is not added if creating the VM from custom template using customization wizard
1925216 - openshift installer fails immediately failed to fetch Install Config
1925236 - OpenShift Route targets every port of a multi-port service
1925245 - oc idle: Clusters upgrading with an idled workload do not have annotations on the workload's service
1925261 - Items marked as mandatory in KMS Provider form are not enforced
1925291 - Baremetal IPI - While deploying with IPv6 provision network with subnet other than /64 masters fail to PXE boot
1925343 - [ci] e2e-metal tests are not using reserved instances
1925493 - Enable snapshot e2e tests
1925586 - cluster-etcd-operator is leaking transports
1925614 - Error: InstallPlan.operators.coreos.com not found
1925698 - On GCP, load balancers report kube-apiserver fails its /readyz check 50% of the time, causing load balancer backend churn and disruptions to apiservers
1926029 - [RFE] Either disable save or give warning when no disks support snapshot
1926054 - Localvolume CR is created successfully, when the storageclass name defined in the localvolume exists.
1926072 - Close button (X) does not work in the new "Storage cluster exists" Warning alert message(introduced via fix for Bug 1867400)
1926082 - Insights operator should not go degraded during upgrade
1926106 - [ja_JP][zh_CN] Create Project, Delete Project and Delete PVC modal are not fully internationalized
1926115 - Texts in “Insights” popover on overview page are not marked for i18n
1926123 - Pseudo bug: revert "force cert rotation every couple days for development" in 4.7
1926126 - some kebab/action menu translation issues
1926131 - Add HPA page is not fully internationalized
1926146 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it
1926154 - Create new pool with arbiter - wrong replica
1926278 - [oVirt] consume K8S 1.20 packages
1926279 - Pod ignores mtu setting from sriovNetworkNodePolicies in case of PF partitioning
1926285 - ignore pod not found status messages
1926289 - Accessibility: Modal content hidden from screen readers
1926310 - CannotRetrieveUpdates alerts on Critical severity
1926329 - [Assisted-4.7][Staging] monitoring stack in staging is being overloaded by the amount of metrics being exposed by assisted-installer pods and scraped by prometheus.
1926336 - Service details can overflow boxes at some screen widths
1926346 - move to go 1.15 and registry.ci.openshift.org
1926364 - Installer timeouts because proxy blocked connection to Ironic API running on bootstrap VM
1926465 - bootstrap kube-apiserver does not have --advertise-address set – was: [BM][IPI][DualStack] Installation fails cause Kubernetes service doesn't have IPv6 endpoints
1926484 - API server exits non-zero on 2 SIGTERM signals
1926547 - OpenShift installer not reporting IAM permission issue when removing the Shared Subnet Tag
1926579 - Setting .spec.policy is deprecated and will be removed eventually. Please use .spec.profile instead is being logged every 3 seconds in scheduler operator log
1926598 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results
1926776 - "Template support" modal appears when select the RHEL6 common template
1926835 - [e2e][automation] prow gating use unsupported CDI version
1926843 - pipeline with finally tasks status is improper
1926867 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade
1926893 - When deploying the operator via OLM (after creating the respective catalogsource), the deployment "lost" the resources section.
1926903 - NTO may fail to disable stalld when relying on Tuned '[service]' plugin
1926931 - Inconsistent ovs-flow rule on one of the app node for egress node
1926943 - vsphere-problem-detector: Alerts in CI jobs
1926977 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs
1927013 - Tables don't render properly at smaller screen widths
1927017 - CCO does not relinquish leadership when restarting for proxy CA change
1927042 - Empty static pod files on UPI deployments are confusing
1927047 - multiple external gateway pods will not work in ingress with IP fragmentation
1927068 - Workers fail to PXE boot when IPv6 provisionining network has subnet other than /64
1927075 - [e2e][automation] Fix pvc string in pvc.view
1927118 - OCP 4.7: NVIDIA GPU Operator DCGM metrics not displayed in OpenShift Console Monitoring Metrics page
1927244 - UPI installation with Kuryr timing out on bootstrap stage
1927263 - kubelet service takes around 43 secs to start container when started from stopped state
1927264 - FailedCreatePodSandBox due to multus inability to reach apiserver
1927310 - Performance: Console makes unnecessary requests for en-US messages on load
1927340 - Race condition in OperatorCondition reconcilation
1927366 - OVS configuration service unable to clone NetworkManager's connections in the overlay FS
1927391 - Fix flake in TestSyncPodsDeletesWhenSourcesAreReady
1927393 - 4.7 still points to 4.6 catalog images
1927397 - p&f: add auto update for priority & fairness bootstrap configuration objects
1927423 - Happy "Not Found" and no visible error messages on error-list page when /silences 504s
1927465 - Homepage dashboard content not internationalized
1927678 - Reboot interface defaults to softPowerOff so fencing is too slow
1927731 - /usr/lib/dracut/modules.d/30ignition/ignition --version sigsev
1927797 - 'Pod(s)' should be included in the pod donut label when a horizontal pod autoscaler is enabled
1927882 - Can't create cluster role binding from UI when a project is selected
1927895 - global RuntimeConfig is overwritten with merge result
1927898 - i18n Admin Notifier
1927902 - i18n Cluster Utilization dashboard duration
1927903 - "CannotRetrieveUpdates" - critical error in openshift web console
1927925 - Manually misspelled as Manualy
1927941 - StatusDescriptor detail item and Status component can cause runtime error when the status is an object or array
1927942 - etcd should use socket option (SO_REUSEADDR) instead of wait for port release on process restart
1927944 - cluster version operator cycles terminating state waiting for leader election
1927993 - Documentation Links in OKD Web Console are not Working
1928008 - Incorrect behavior when we click back button after viewing the node details in Internal-attached mode
1928045 - N+1 scaling Info message says "single zone" even if the nodes are spread across 2 or 0 zones
1928147 - Domain search set in the required domains in Option 119 of DHCP Server is ignored by RHCOS on RHV
1928157 - 4.7 CNO claims to be done upgrading before it even starts
1928164 - Traffic to outside the cluster redirected when OVN is used and NodePort service is configured
1928297 - HAProxy fails with 500 on some requests
1928473 - NetworkManager overlay FS not being created on None platform
1928512 - sap license management logs gatherer
1928537 - Cannot IPI with tang/tpm disk encryption
1928640 - Definite error message when using StorageClass based on azure-file / Premium_LRS
1928658 - Update plugins and Jenkins version to prepare openshift-sync-plugin 1.0.46 release
1928850 - Unable to pull images due to limited quota on Docker Hub
1928851 - manually creating NetNamespaces will break things and this is not obvious
1928867 - golden images - DV should not be created with WaitForFirstConsumer
1928869 - Remove css required to fix search bug in console caused by pf issue in 2021.1
1928875 - Update translations
1928893 - Memory Pressure Drop Down Info is stating "Disk" capacity is low instead of memory
1928931 - DNSRecord CRD is using deprecated v1beta1 API
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template
1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
1929052 - Add new Jenkins agent maven dir for 3.6
1929056 - kube-apiserver-availability.rules are failing evaluation
1929110 - LoadBalancer service check test fails during vsphere upgrade
1929136 - openshift isn't able to mount nfs manila shares to pods
1929175 - LocalVolumeSet: PV is created on disk belonging to other provisioner
1929243 - Namespace column missing in Nodes Node Details / pods tab
1929277 - Monitoring workloads using too high a priorityclass
1929281 - Update Tech Preview badge to transparent border color when upgrading to PatternFly v4.87.1
1929314 - ovn-kubernetes endpoint slice controller doesn't run on CI jobs
1929359 - etcd-quorum-guard uses origin-cli [4.8]
1929577 - Edit Application action overwrites Deployment envFrom values on save
1929654 - Registry for Azure uses legacy V1 StorageAccount
1929693 - Pod stuck at "ContainerCreating" status
1929733 - oVirt CSI driver operator is constantly restarting
1929769 - Getting 404 after switching user perspective in another tab and reload Project details
1929803 - Pipelines shown in edit flow for Workloads created via ContainerImage flow
1929824 - fix alerting on volume name check for vsphere
1929917 - Bare-metal operator is firing for ClusterOperatorDown for 15m during 4.6 to 4.7 upgrade
1929944 - The etcdInsufficientMembers alert fires incorrectly when any instance is down and not when quorum is lost
1930007 - filter dropdown item filter and resource list dropdown item filter doesn't support multi selection
1930015 - OS list is overlapped by buttons in template wizard
1930064 - Web console crashes during VM creation from template when no storage classes are defined
1930220 - Cinder CSI driver is not able to mount volumes under heavier load
1930240 - Generated clouds.yaml incomplete when provisioning network is disabled
1930248 - After creating a remediation flow and rebooting a worker there is no access to the openshift-web-console
1930268 - intel vfio devices are not expose as resources
1930356 - Darwin binary missing from mirror.openshift.com
1930393 - Gather info about unhealthy SAP pods
1930546 - Monitoring-dashboard-workload keep loading when user with cluster-role cluster-monitoring-view login develoer console
1930570 - Jenkins templates are displayed in Developer Catalog twice
1930620 - the logLevel field in containerruntimeconfig can't be set to "trace"
1930631 - Image local-storage-mustgather in the doc does not come from product registry
1930893 - Backport upstream patch 98956 for pod terminations
1931005 - Related objects page doesn't show the object when its name is empty
1931103 - remove periodic log within kubelet
1931115 - Azure cluster install fails with worker type workers Standard_D4_v2
1931215 - [RFE] Cluster-api-provider-ovirt should handle affinity groups
1931217 - [RFE] Installer should create RHV Affinity group for OCP cluster VMS
1931467 - Kubelet consuming a large amount of CPU and memory and node becoming unhealthy
1931505 - [IPI baremetal] Two nodes hold the VIP post remove and start of the Keepalived container
1931522 - Fresh UPI install on BM with bonding using OVN Kubernetes fails
1931529 - SNO: mentioning of 4 nodes in error message - Cluster network CIDR prefix 24 does not contain enough addresses for 4 hosts each one with 25 prefix (128 addresses)
1931629 - Conversational Hub Fails due to ImagePullBackOff
1931637 - Kubeturbo Operator fails due to ImagePullBackOff
1931652 - [single-node] etcd: discover-etcd-initial-cluster graceful termination race.
1931658 - [single-node] cluster-etcd-operator: cluster never pivots from bootstrapIP endpoint
1931674 - [Kuryr] Enforce nodes MTU for the Namespaces and Pods
1931852 - Ignition HTTP GET is failing, because DHCP IPv4 config is failing silently
1931883 - Fail to install Volume Expander Operator due to CrashLookBackOff
1931949 - Red Hat Integration Camel-K Operator keeps stuck in Pending state
1931974 - Operators cannot access kubeapi endpoint on OVNKubernetes on ipv6
1931997 - network-check-target causes upgrade to fail from 4.6.18 to 4.7
1932001 - Only one of multiple subscriptions to the same package is honored
1932097 - Apiserver liveness probe is marking it as unhealthy during normal shutdown
1932105 - machine-config ClusterOperator claims level while control-plane still updating
1932133 - AWS EBS CSI Driver doesn’t support “csi.storage.k8s.io/fsTyps” parameter
1932135 - When “iopsPerGB” parameter is not set, event for AWS EBS CSI Driver provisioning is not clear
1932152 - When “iopsPerGB” parameter is set to a wrong number, events for AWS EBS CSI Driver provisioning are not clear
1932154 - [AWS ] machine stuck in provisioned phase , no warnings or errors
1932182 - catalog operator causing CPU spikes and bad etcd performance
1932229 - Can’t find kubelet metrics for aws ebs csi volumes
1932281 - [Assisted-4.7][UI] Unable to change upgrade channel once upgrades were discovered
1932323 - CVE-2021-26540 sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element
1932324 - CRIO fails to create a Pod in sandbox stage - starting container process caused: process_linux.go:472: container init caused: Running hook #0:: error running hook: exit status 255, stdout: , stderr: \"\n"
1932362 - CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation
1932401 - Cluster Ingress Operator degrades if external LB redirects http to https because of new "canary" route
1932453 - Update Japanese timestamp format
1932472 - Edit Form/YAML switchers cause weird collapsing/code-folding issue
1932487 - [OKD] origin-branding manifest is missing cluster profile annotations
1932502 - Setting MTU for a bond interface using Kernel arguments is not working
1932618 - Alerts during a test run should fail the test job, but were not
1932624 - ClusterMonitoringOperatorReconciliationErrors is pending at the end of an upgrade and probably should not be
1932626 - During a 4.8 GCP upgrade OLM fires an alert indicating the operator is unhealthy
1932673 - Virtual machine template provided by red hat should not be editable. The UI allows to edit and then reverse the change after it was made
1932789 - Proxy with port is unable to be validated if it overlaps with service/cluster network
1932799 - During a hive driven baremetal installation the process does not go beyond 80% in the bootstrap VM
1932805 - e2e: test OAuth API connections in the tests by that name
1932816 - No new local storage operator bundle image is built
1932834 - enforce the use of hashed access/authorize tokens
1933101 - Can not upgrade a Helm Chart that uses a library chart in the OpenShift dev console
1933102 - Canary daemonset uses default node selector
1933114 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [Suite:openshift/conformance/parallel/minimal]
1933159 - multus DaemonSets should use maxUnavailable: 33%
1933173 - openshift-sdn/sdn DaemonSet should use maxUnavailable: 10%
1933174 - openshift-sdn/ovs DaemonSet should use maxUnavailable: 10%
1933179 - network-check-target DaemonSet should use maxUnavailable: 10%
1933180 - openshift-image-registry/node-ca DaemonSet should use maxUnavailable: 10%
1933184 - openshift-cluster-csi-drivers DaemonSets should use maxUnavailable: 10%
1933263 - user manifest with nodeport services causes bootstrap to block
1933269 - Cluster unstable replacing an unhealthy etcd member
1933284 - Samples in CRD creation are ordered arbitarly
1933414 - Machines are created with unexpected name for Ports
1933599 - bump k8s.io/apiserver to 1.20.3
1933630 - [Local Volume] Provision disk failed when disk label has unsupported value like ":"
1933664 - Getting Forbidden for image in a container template when creating a sample app
1933708 - Grafana is not displaying deployment config resources in dashboard Default /Kubernetes / Compute Resources / Namespace (Workloads)
1933711 - EgressDNS: Keep short lived records at most 30s
1933730 - [AI-UI-Wizard] Toggling "Use extra disks for local storage" checkbox highlights the "Next" button to move forward but grays out once clicked
1933761 - Cluster DNS service caps TTLs too low and thus evicts from its cache too aggressively
1933772 - MCD Crash Loop Backoff
1933805 - TargetDown alert fires during upgrades because of normal upgrade behavior
1933857 - Details page can throw an uncaught exception if kindObj prop is undefined
1933880 - Kuryr-Controller crashes when it's missing the status object
1934021 - High RAM usage on machine api termination node system oom
1934071 - etcd consuming high amount of memory and CPU after upgrade to 4.6.17
1934080 - Both old and new Clusterlogging CSVs stuck in Pending during upgrade
1934085 - Scheduling conformance tests failing in a single node cluster
1934107 - cluster-authentication-operator builds URL incorrectly for IPv6
1934112 - Add memory and uptime metadata to IO archive
1934113 - mcd panic when there's not enough free disk space
1934123 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP
1934163 - Thanos Querier restarting and gettin alert ThanosQueryHttpRequestQueryRangeErrorRateHigh
1934174 - rootfs too small when enabling NBDE
1934176 - Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3
1934177 - knative-camel-operator CreateContainerError "container_linux.go:366: starting container process caused: chdir to cwd (\"/home/nonroot\") set in config.json failed: permission denied"
1934216 - machineset-controller stuck in CrashLoopBackOff after upgrade to 4.7.0
1934229 - List page text filter has input lag
1934397 - Extend OLM operator gatherer to include Operator/ClusterServiceVersion conditions
1934400 - [ocp_4][4.6][apiserver-auth] OAuth API servers are not ready - PreconditionNotReady
1934516 - Setup different priority classes for prometheus-k8s and prometheus-user-workload pods
1934556 - OCP-Metal images
1934557 - RHCOS boot image bump for LUKS fixes
1934643 - Need BFD failover capability on ECMP routes
1934711 - openshift-ovn-kubernetes ovnkube-node DaemonSet should use maxUnavailable: 10%
1934773 - Canary client should perform canary probes explicitly over HTTPS (rather than redirect from HTTP)
1934905 - CoreDNS's "errors" plugin is not enabled for custom upstream resolvers
1935058 - Can’t finish install sts clusters on aws government region
1935102 - Error: specifying a root certificates file with the insecure flag is not allowed during oc login
1935155 - IGMP/MLD packets being dropped
1935157 - [e2e][automation] environment tests broken
1935165 - OCP 4.6 Build fails when filename contains an umlaut
1935176 - Missing an indication whether the deployed setup is SNO.
1935269 - Topology operator group shows child Jobs. Not shown in details view's resources.
1935419 - Failed to scale worker using virtualmedia on Dell R640
1935528 - [AWS][Proxy] ingress reports degrade with CanaryChecksSucceeding=False in the cluster with proxy setting
1935539 - Openshift-apiserver CO unavailable during cluster upgrade from 4.6 to 4.7
1935541 - console operator panics in DefaultDeployment with nil cm
1935582 - prometheus liveness probes cause issues while replaying WAL
1935604 - high CPU usage fails ingress controller
1935667 - pipelinerun status icon rendering issue
1935706 - test: Detect when the master pool is still updating after upgrade
1935732 - Update Jenkins agent maven directory to be version agnostic [ART ocp build data]
1935814 - Pod and Node lists eventually have incorrect row heights when additional columns have long text
1935909 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade
1936022 - DNS operator performs spurious updates in response to API's defaulting of daemonset's terminationGracePeriod and service's clusterIPs
1936030 - Ingress operator performs spurious updates in response to API's defaulting of NodePort service's clusterIPs field
1936223 - The IPI installer has a typo. It is missing the word "the" in "the Engine".
1936336 - Updating multus-cni builder & base images to be consistent with ART 4.8 (closed)
1936342 - kuryr-controller restarting after 3 days cluster running - pools without members
1936443 - Hive based OCP IPI baremetal installation fails to connect to API VIP port 22623
1936488 - [sig-instrumentation][Late] Alerts shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured: Prometheus query error
1936515 - sdn-controller is missing some health checks
1936534 - When creating a worker with a used mac-address stuck on registering
1936585 - configure alerts if the catalogsources are missing
1936620 - OLM checkbox descriptor renders switch instead of checkbox
1936721 - network-metrics-deamon not associated with a priorityClassName
1936771 - [aws ebs csi driver] The event for Pod consuming a readonly PVC is not clear
1936785 - Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data
1936788 - RBD RWX PVC creation with Filesystem volume mode selection is creating RWX PVC with Block volume mode instead of disabling Filesystem volume mode selection
1936798 - Authentication log gatherer shouldn't scan all the pod logs in the openshift-authentication namespace
1936801 - Support ServiceBinding 0.5.0+
1936854 - Incorrect imagestream is shown as selected in knative service container image edit flow
1936857 - e2e-ovirt-ipi-install-install is permafailing on 4.5 nightlies
1936859 - ovirt 4.4 -> 4.5 upgrade jobs are permafailing
1936867 - Periodic vsphere IPI install is broken - missing pip
1936871 - [Cinder CSI] Topology aware provisioning doesn't work when Nova and Cinder AZs are different
1936904 - Wrong output YAML when syncing groups without --confirm
1936983 - Topology view - vm details screen isntt stop loading
1937005 - when kuryr quotas are unlimited, we should not sent alerts
1937018 - FilterToolbar component does not handle 'null' value for 'rowFilters' prop
1937020 - Release new from image stream chooses incorrect ID based on status
1937077 - Blank White page on Topology
1937102 - Pod Containers Page Not Translated
1937122 - CAPBM changes to support flexible reboot modes
1937145 - [Local storage] PV provisioned by localvolumeset stays in "Released" status after the pod/pvc deleted
1937167 - [sig-arch] Managed cluster should have no crashlooping pods in core namespaces over four minutes
1937244 - [Local Storage] The model name of aws EBS doesn't be extracted well
1937299 - pod.spec.volumes.awsElasticBlockStore.partition is not respected on NVMe volumes
1937452 - cluster-network-operator CI linting fails in master branch
1937459 - Wrong Subnet retrieved for Service without Selector
1937460 - [CI] Network quota pre-flight checks are failing the installation
1937464 - openstack cloud credentials are not getting configured with correct user_domain_name across the cluster
1937466 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation
1937496 - Metrics viewer in OCP Console is missing date in a timestamp for selected datapoint
1937535 - Not all image pulls within OpenShift builds retry
1937594 - multiple pods in ContainerCreating state after migration from OpenshiftSDN to OVNKubernetes
1937627 - Bump DEFAULT_DOC_URL for 4.8
1937628 - Bump upgrade channels for 4.8
1937658 - Description for storage class encryption during storagecluster creation needs to be updated
1937666 - Mouseover on headline
1937683 - Wrong icon classification of output in buildConfig when the destination is a DockerImage
1937693 - ironic image "/" cluttered with files
1937694 - [oVirt] split ovirt providerIDReconciler logic into NodeController and ProviderIDController
1937717 - If browser default font size is 20, the layout of template screen breaks
1937722 - OCP 4.8 vuln due to BZ 1936445
1937929 - Operand page shows a 404:Not Found error for OpenShift GitOps Operator
1937941 - [RFE]fix wording for favorite templates
1937972 - Router HAProxy config file template is slow to render due to repetitive regex compilations
1938131 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1938321 - Cannot view PackageManifest objects in YAML on 'Home > Search' page nor 'CatalogSource details > Operators tab'
1938465 - thanos-querier should set a CPU request on the thanos-query container
1938466 - packageserver deployment sets neither CPU or memory request on the packageserver container
1938467 - The default cluster-autoscaler should get default cpu and memory requests if user omits them
1938468 - kube-scheduler-operator has a container without a CPU request
1938492 - Marketplace extract container does not request CPU or memory
1938493 - machine-api-operator declares restrictive cpu and memory limits where it should not
1938636 - Can't set the loglevel of the container: cluster-policy-controller and kube-controller-manager-recovery-controller
1938903 - Time range on dashboard page will be empty after drog and drop mouse in the graph
1938920 - ovnkube-master/ovs-node DaemonSets should use maxUnavailable: 10%
1938947 - Update blocked from 4.6 to 4.7 when using spot/preemptible instances
1938949 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found
1939054 - machine healthcheck kills aws spot instance before generated
1939060 - CNO: nodes and masters are upgrading simultaneously
1939069 - Add source to vm template silently failed when no storage class is defined in the cluster
1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string
1939168 - Builds failing for OCP 3.11 since PR#25 was merged
1939226 - kube-apiserver readiness probe appears to be hitting /healthz, not /readyz
1939227 - kube-apiserver liveness probe appears to be hitting /healthz, not /livez
1939232 - CI tests using openshift/hello-world broken by Ruby Version Update
1939270 - fix co upgradeableFalse status and reason
1939294 - OLM may not delete pods with grace period zero (force delete)
1939412 - missed labels for thanos-ruler pods
1939485 - CVE-2021-20291 containers/storage: DoS via malicious image
1939547 - Include container="POD" in resource queries
1939555 - VSphereProblemDetectorControllerDegraded: context canceled during upgrade to 4.8.0
1939573 - after entering valid git repo url on add flow page, throwing warning message instead Validated
1939580 - Authentication operator is degraded during 4.8 to 4.8 upgrade and normal 4.8 e2e runs
1939606 - Attempting to put a host into maintenance mode warns about Ceph cluster health, but no storage cluster problems are apparent
1939661 - support new AWS region ap-northeast-3
1939726 - clusteroperator/network should not change condition/Degraded during normal serial test execution
1939731 - Image registry operator reports unavailable during normal serial run
1939734 - Node Fanout Causes Excessive WATCH Secret Calls, Taking Down Clusters
1939740 - dual stack nodes with OVN single ipv6 fails on bootstrap phase
1939752 - ovnkube-master sbdb container does not set requests on cpu or memory
1939753 - Delete HCO is stucking if there is still VM in the cluster
1939815 - Change the Warning Alert for Encrypted PVs in Create StorageClass(provisioner:RBD) page
1939853 - [DOC] Creating manifests API should not allow folder in the "file_name"
1939865 - GCP PD CSI driver does not have CSIDriver instance
1939869 - [e2e][automation] Add annotations to datavolume for HPP
1939873 - Unlimited number of characters accepted for base domain name
1939943 - cluster-kube-apiserver-operator check-endpoints observed a panic: runtime error: invalid memory address or nil pointer dereference
1940030 - cluster-resource-override: fix spelling mistake for run-level match expression in webhook configuration
1940057 - Openshift builds should use a wach instead of polling when checking for pod status
1940142 - 4.6->4.7 updates stick on OpenStackCinderCSIDriverOperatorCR_OpenStackCinderDriverControllerServiceController_Deploying
1940159 - [OSP] cluster destruction fails to remove router in BYON (with provider network) with Kuryr as primary network
1940206 - Selector and VolumeTableRows not i18ned
1940207 - 4.7->4.6 rollbacks stuck on prometheusrules admission webhook "no route to host"
1940314 - Failed to get type for Dashboard Kubernetes / Compute Resources / Namespace (Workloads)
1940318 - No data under 'Current Bandwidth' for Dashboard 'Kubernetes / Networking / Pod'
1940322 - Split of dashbard is wrong, many Network parts
1940337 - rhos-ipi installer fails with not clear message when openstack tenant doesn't have flavors needed for compute machines
1940361 - [e2e][automation] Fix vm action tests with storageclass HPP
1940432 - Gather datahubs.installers.datahub.sap.com resources from SAP clusters
1940488 - After fix for CVE-2021-3344, Builds do not mount node entitlement keys
1940498 - pods may fail to add logical port due to lr-nat-del/lr-nat-add error messages
1940499 - hybrid-overlay not logging properly before exiting due to an error
1940518 - Components in bare metal components lack resource requests
1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header
1940704 - prjquota is dropped from rootflags if rootfs is reprovisioned
1940755 - [Web-console][Local Storage] LocalVolumeSet could not be created from web-console without detail error info
1940865 - Add BareMetalPlatformType into e2e upgrade service unsupported list
1940876 - Components in ovirt components lack resource requests
1940889 - Installation failures in OpenStack release jobs
1940933 - [sig-arch] Check if alerts are firing during or after upgrade success: AggregatedAPIDown on v1beta1.metrics.k8s.io
1940939 - Wrong Openshift node IP as kubelet setting VIP as node IP
1940940 - csi-snapshot-controller goes unavailable when machines are added removed to cluster
1940950 - vsphere: client/bootstrap CSR double create
1940972 - vsphere: [4.6] CSR approval delayed for unknown reason
1941000 - cinder storageclass creates persistent volumes with wrong label failure-domain.beta.kubernetes.io/zone in multi availability zones architecture on OSP 16.
1941334 - [RFE] Cluster-api-provider-ovirt should handle auto pinning policy
1941342 - Add kata-osbuilder-generate.service as part of the default presets
1941456 - Multiple pods stuck in ContainerCreating status with the message "failed to create container for [kubepods burstable podxxx] : dbus: connection closed by user" being seen in the journal log
1941526 - controller-manager-operator: Observed a panic: nil pointer dereference
1941592 - HAProxyDown not Firing
1941606 - [assisted operator] Assisted Installer Operator CSV related images should be digests for icsp
1941625 - Developer -> Topology - i18n misses
1941635 - Developer -> Monitoring - i18n misses
1941636 - BM worker nodes deployment with virtual media failed while trying to clean raid
1941645 - Developer -> Builds - i18n misses
1941655 - Developer -> Pipelines - i18n misses
1941667 - Developer -> Project - i18n misses
1941669 - Developer -> ConfigMaps - i18n misses
1941759 - Errored pre-flight checks should not prevent install
1941798 - Some details pages don't have internationalized ResourceKind labels
1941801 - Many filter toolbar dropdowns haven't been internationalized
1941815 - From the web console the terminal can no longer connect after using leaving and returning to the terminal view
1941859 - [assisted operator] assisted pod deploy first time in error state
1941901 - Toleration merge logic does not account for multiple entries with the same key
1941915 - No validation against template name in boot source customization
1941936 - when setting parameters in containerRuntimeConfig, it will show incorrect information on its description
1941980 - cluster-kube-descheduler operator is broken when upgraded from 4.7 to 4.8
1941990 - Pipeline metrics endpoint changed in osp-1.4
1941995 - fix backwards incompatible trigger api changes in osp1.4
1942086 - Administrator -> Home - i18n misses
1942117 - Administrator -> Workloads - i18n misses
1942125 - Administrator -> Serverless - i18n misses
1942193 - Operand creation form - broken/cutoff blue line on the Accordion component (fieldGroup)
1942207 - [vsphere] hostname are changed when upgrading from 4.6 to 4.7.x causing upgrades to fail
1942271 - Insights operator doesn't gather pod information from openshift-cluster-version
1942375 - CRI-O failing with error "reserving ctr name"
1942395 - The status is always "Updating" on dc detail page after deployment has failed.
1942521 - [Assisted-4.7] [Staging][OCS] Minimum memory for selected role is failing although minimum OCP requirement satisfied
1942522 - Resolution fails to sort channel if inner entry does not satisfy predicate
1942536 - Corrupted image preventing containers from starting
1942548 - Administrator -> Networking - i18n misses
1942553 - CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic
1942555 - Network policies in ovn-kubernetes don't support external traffic from router when the endpoint publishing strategy is HostNetwork
1942557 - Query is reporting "no datapoint" when label cluster="" is set but work when the label is removed or when running directly in Prometheus
1942608 - crictl cannot list the images with an error: error locating item named "manifest" for image with ID
1942614 - Administrator -> Storage - i18n misses
1942641 - Administrator -> Builds - i18n misses
1942673 - Administrator -> Pipelines - i18n misses
1942694 - Resource names with a colon do not display property in the browser window title
1942715 - Administrator -> User Management - i18n misses
1942716 - Quay Container Security operator has Medium <-> Low colors reversed
1942725 - [SCC] openshift-apiserver degraded when creating new pod after installing Stackrox which creates a less privileged SCC [4.8]
1942736 - Administrator -> Administration - i18n misses
1942749 - Install Operator form should use info icon for popovers
1942837 - [OCPv4.6] unable to deploy pod with unsafe sysctls
1942839 - Windows VMs fail to start on air-gapped environments
1942856 - Unable to assign nodes for EgressIP even if the egress-assignable label is set
1942858 - [RFE]Confusing detach volume UX
1942883 - AWS EBS CSI driver does not support partitions
1942894 - IPA error when provisioning masters due to an error from ironic.conductor - /dev/sda is busy
1942935 - must-gather improvements
1943145 - vsphere: client/bootstrap CSR double create
1943175 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies (set azure storage account TLS version default to 1.2)
1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
1943219 - unable to install IPI PRIVATE OpenShift cluster in Azure - SSH access from the Internet should be blocked
1943224 - cannot upgrade openshift-kube-descheduler from 4.7.2 to latest
1943238 - The conditions table does not occupy 100% of the width.
1943258 - [Assisted-4.7][Staging][Advanced Networking] Cluster install fails while waiting for control plane
1943314 - [OVN SCALE] Combine Logical Flows inside Southbound DB.
1943315 - avoid workload disruption for ICSP changes
1943320 - Baremetal node loses connectivity with bonded interface and OVNKubernetes
1943329 - TLSSecurityProfile missing from KubeletConfig CRD Manifest
1943356 - Dynamic plugins surfaced in the UI should be referred to as "Console plugins"
1943539 - crio-wipe is failing to start "Failed to shutdown storage before wiping: A layer is mounted: layer is in use by a container"
1943543 - DeploymentConfig Rollback doesn't reset params correctly
1943558 - [assisted operator] Assisted Service pod unable to reach self signed local registry in disco environement
1943578 - CoreDNS caches NXDOMAIN responses for up to 900 seconds
1943614 - add bracket logging on openshift/builder calls into buildah to assist test-platform team triage
1943637 - upgrade from ocp 4.5 to 4.6 does not clear SNAT rules on ovn
1943649 - don't use hello-openshift for network-check-target
1943667 - KubeDaemonSetRolloutStuck fires during upgrades too often because it does not accurately detect progress
1943719 - storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions
1943804 - API server on AWS takes disruption between 70s and 110s after pod begins termination via external LB
1943845 - Router pods should have startup probes configured
1944121 - OVN-kubernetes references AddressSets after deleting them, causing ovn-controller errors
1944160 - CNO: nbctl daemon should log reconnection info
1944180 - OVN-Kube Master does not release election lock on shutdown
1944246 - Ironic fails to inspect and move node to "manageable' but get bmh remains in "inspecting"
1944268 - openshift-install AWS SDK is missing endpoints for the ap-northeast-3 region
1944509 - Translatable texts without context in ssh expose component
1944581 - oc project not works with cluster proxy
1944587 - VPA could not take actions based on the recommendation when min-replicas=1
1944590 - The field name "VolumeSnapshotContent" is wrong on VolumeSnapshotContent detail page
1944602 - Consistant fallures of features/project-creation.feature Cypress test in CI
1944631 - openshif authenticator should not accept non-hashed tokens
1944655 - [manila-csi-driver-operator] openstack-manila-csi-nodeplugin pods stucked with ".. still connecting to unix:///var/lib/kubelet/plugins/csi-nfsplugin/csi.sock"
1944660 - dm-multipath race condition on bare metal causing /boot partition mount failures
1944674 - Project field become to "All projects" and disabled in "Review and create virtual machine" step in devconsole
1944678 - Whereabouts IPAM CNI duplicate IP addresses assigned to pods
1944761 - field level help instances do not use common util component
1944762 - Drain on worker node during an upgrade fails due to PDB set for image registry pod when only a single replica is present
1944763 - field level help instances do not use common util component
1944853 - Update to nodejs >=14.15.4 for ARM
1944974 - Duplicate KubeControllerManagerDown/KubeSchedulerDown alerts
1944986 - Clarify the ContainerRuntimeConfiguration cr description on the validation
1945027 - Button 'Copy SSH Command' does not work
1945085 - Bring back API data in etcd test
1945091 - In k8s 1.21 bump Feature:IPv6DualStack tests are disabled
1945103 - 'User credentials' shows even the VM is not running
1945104 - In k8s 1.21 bump '[sig-storage] [cis-hostpath] [Testpattern: Generic Ephemeral-volume' tests are disabled
1945146 - Remove pipeline Tech preview badge for pipelines GA operator
1945236 - Bootstrap ignition shim doesn't follow proxy settings
1945261 - Operator dependency not consistently chosen from default channel
1945312 - project deletion does not reset UI project context
1945326 - console-operator: does not check route health periodically
1945387 - Image Registry deployment should have 2 replicas and hard anti-affinity rules
1945398 - 4.8 CI failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
1945431 - alerts: SystemMemoryExceedsReservation triggers too quickly
1945443 - operator-lifecycle-manager-packageserver flaps Available=False with no reason or message
1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service
1945548 - catalog resource update failed if spec.secrets set to ""
1945584 - Elasticsearch operator fails to install on 4.8 cluster on ppc64le/s390x
1945599 - Optionally set KERNEL_VERSION and RT_KERNEL_VERSION
1945630 - Pod log filename no longer in -.log format
1945637 - QE- Automation- Fixing smoke test suite for pipeline-plugin
1945646 - gcp-routes.sh running as initrc_t unnecessarily
1945659 - [oVirt] remove ovirt_cafile from ovirt-credentials secret
1945677 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry
1945687 - Dockerfile needs updating to new container CI registry
1945700 - Syncing boot mode after changing device should be restricted to Supermicro
1945816 - " Ingresses " should be kept in English for Chinese
1945818 - Chinese translation issues: Operator should be the same with English Operators
1945849 - Unnecessary series churn when a new version of kube-state-metrics is rolled out
1945910 - [aws] support byo iam roles for instances
1945948 - SNO: pods can't reach ingress when the ingress uses a different IPv6.
1946079 - Virtual master is not getting an IP address
1946097 - [oVirt] oVirt credentials secret contains unnecessary "ovirt_cafile"
1946119 - panic parsing install-config
1946243 - No relevant error when pg limit is reached in block pools page
1946307 - [CI] [UPI] use a standardized and reliable way to install google cloud SDK in UPI image
1946320 - Incorrect error message in Deployment Attach Storage Page
1946449 - [e2e][automation] Fix cloud-init tests as UI changed
1946458 - Edit Application action overwrites Deployment envFrom values on save
1946459 - In bare metal IPv6 environment, [sig-storage] [Driver: nfs] tests are failing in CI.
1946479 - In k8s 1.21 bump BoundServiceAccountTokenVolume is disabled by default
1946497 - local-storage-diskmaker pod logs "DeviceSymlinkExists" and "not symlinking, could not get lock: "
1946506 - [on-prem] mDNS plugin no longer needed
1946513 - honor use specified system reserved with auto node sizing
1946540 - auth operator: only configure webhook authenticators for internal auth when oauth-apiserver pods are ready
1946584 - Machine-config controller fails to generate MC, when machine config pool with dashes in name presents under the cluster
1946607 - etcd readinessProbe is not reflective of actual readiness
1946705 - Fix issues with "search" capability in the Topology Quick Add component
1946751 - DAY2 Confusing event when trying to add hosts to a cluster that completed installation
1946788 - Serial tests are broken because of router
1946790 - Marketplace operator flakes Available=False OperatorStarting during updates
1946838 - Copied CSVs show up as adopted components
1946839 - [Azure] While mirroring images to private registry throwing error: invalid character '<' looking for beginning of value
1946865 - no "namespace:kube_pod_container_resource_requests_cpu_cores:sum" and "namespace:kube_pod_container_resource_requests_memory_bytes:sum" metrics
1946893 - the error messages are inconsistent in DNS status conditions if the default service IP is taken
1946922 - Ingress details page doesn't show referenced secret name and link
1946929 - the default dns operator's Progressing status is always True and cluster operator dns Progressing status is False
1947036 - "failed to create Matchbox client or connect" on e2e-metal jobs or metal clusters via cluster-bot
1947066 - machine-config-operator pod crashes when noProxy is *
1947067 - [Installer] Pick up upstream fix for installer console output
1947078 - Incorrect skipped status for conditional tasks in the pipeline run
1947080 - SNO IPv6 with 'temporary 60-day domain' option fails with IPv4 exception
1947154 - [master] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install
1947164 - Print "Successfully pushed" even if the build push fails.
1947176 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed.
1947293 - IPv6 provision addresses range larger then /64 prefix (e.g. /48)
1947311 - When adding a new node to localvolumediscovery UI does not show pre-existing node name's
1947360 - [vSphere csi driver operator] operator pod runs as “BestEffort” qosClass
1947371 - [vSphere csi driver operator] operator doesn't create “csidriver” instance
1947402 - Single Node cluster upgrade: AWS EBS CSI driver deployment is stuck on rollout
1947478 - discovery v1 beta1 EndpointSlice is deprecated in Kubernetes 1.21 (OCP 4.8)
1947490 - If Clevis on a managed LUKs volume with Ignition enables, the system will fails to automatically open the LUKs volume on system boot
1947498 - policy v1 beta1 PodDisruptionBudget is deprecated in Kubernetes 1.21 (OCP 4.8)
1947663 - disk details are not synced in web-console
1947665 - Internationalization values for ceph-storage-plugin should be in file named after plugin
1947684 - MCO on SNO sometimes has rendered configs and sometimes does not
1947712 - [OVN] Many faults and Polling interval stuck for 4 seconds every roughly 5 minutes intervals.
1947719 - 8 APIRemovedInNextReleaseInUse info alerts display
1947746 - Show wrong kubernetes version from kube-scheduler/kube-controller-manager operator pods
1947756 - [azure-disk-csi-driver-operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade
1947767 - [azure-disk-csi-driver-operator] Uses the same storage type in the sc created by it as the default sc?
1947771 - [kube-descheduler]descheduler operator pod should not run as “BestEffort” qosClass
1947774 - CSI driver operators use "Always" imagePullPolicy in some containers
1947775 - [vSphere csi driver operator] doesn’t use the downstream images from payload.
1947776 - [vSphere csi driver operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade
1947779 - [LSO] Should allow more nodes to be updated simultaneously for speeding up LSO upgrade
1947785 - Cloud Compute: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1947789 - Console: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1947791 - MCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1947793 - DevEx: APIRemovedInNextReleaseInUse info alerts display
1947794 - OLM: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert
1947795 - Networking: APIRemovedInNextReleaseInUse info alerts display
1947797 - CVO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1947798 - Images: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1947800 - Ingress: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1947801 - Kube Storage Version Migrator APIRemovedInNextReleaseInUse info alerts display
1947803 - Openshift Apiserver: APIRemovedInNextReleaseInUse info alerts display
1947806 - Re-enable h2spec, http/2 and grpc-interop e2e tests in openshift/origin
1947828 - download it link should save pod log in -.log format
1947866 - disk.csi.azure.com.spec.operatorLogLevel is not updated when CSO loglevel is changed
1947917 - Egress Firewall does not reliably apply firewall rules
1947946 - Operator upgrades can delete existing CSV before completion
1948011 - openshift-controller-manager constantly reporting type "Upgradeable" status Unknown
1948012 - service-ca constantly reporting type "Upgradeable" status Unknown
1948019 - [4.8] Large number of requests to the infrastructure cinder volume service
1948022 - Some on-prem namespaces missing from must-gather
1948040 - cluster-etcd-operator: etcd is using deprecated logger
1948082 - Monitoring should not set Available=False with no reason on updates
1948137 - CNI DEL not called on node reboot - OCP 4 CRI-O.
1948232 - DNS operator performs spurious updates in response to API's defaulting of daemonset's maxSurge and service's ipFamilies and ipFamilyPolicy fields
1948311 - Some jobs failing due to excessive watches: the server has received too many requests and has asked us to try again later
1948359 - [aws] shared tag was not removed from user provided IAM role
1948410 - [LSO] Local Storage Operator uses imagePullPolicy as "Always"
1948415 - [vSphere csi driver operator] clustercsidriver.spec.logLevel doesn't take effective after changing
1948427 - No action is triggered after click 'Continue' button on 'Show community Operator' windows
1948431 - TechPreviewNoUpgrade does not enable CSI migration
1948436 - The outbound traffic was broken intermittently after shutdown one egressIP node
1948443 - OCP 4.8 nightly still showing v1.20 even after 1.21 merge
1948471 - [sig-auth][Feature:OpenShiftAuthorization][Serial] authorization TestAuthorizationResourceAccessReview should succeed [Suite:openshift/conformance/serial]
1948505 - [vSphere csi driver operator] vmware-vsphere-csi-driver-operator pod restart every 10 minutes
1948513 - get-resources.sh doesn't honor the no_proxy settings
1948524 - 'DeploymentUpdated' Updated Deployment.apps/downloads -n openshift-console because it changed message is printed every minute
1948546 - VM of worker is in error state when a network has port_security_enabled=False
1948553 - When setting etcd spec.LogLevel is not propagated to etcd operand
1948555 - A lot of events "rpc error: code = DeadlineExceeded desc = context deadline exceeded" were seen in azure disk csi driver verification test
1948563 - End-to-End Secure boot deployment fails "Invalid value for input variable"
1948582 - Need ability to specify local gateway mode in CNO config
1948585 - Need a CI jobs to test local gateway mode with bare metal
1948592 - [Cluster Network Operator] Missing Egress Router Controller
1948606 - DNS e2e test fails "[sig-arch] Only known images used by tests" because it does not use a known image
1948610 - External Storage [Driver: disk.csi.azure.com] [Testpattern: Dynamic PV (block volmode)] multiVolume [Slow] should access to two volumes with the same volume mode and retain data across pod recreation on the same node [LinuxOnly]
1948626 - TestRouteAdmissionPolicy e2e test is failing often
1948628 - ccoctl needs to plan for future (non-AWS) platform support in the CLI
1948634 - upgrades: allow upgrades without version change
1948640 - [Descheduler] operator log reports key failed with : kubedeschedulers.operator.openshift.io "cluster" not found
1948701 - unneeded CCO alert already covered by CVO
1948703 - p&f: probes should not get 429s
1948705 - [assisted operator] SNO deployment fails - ClusterDeployment shows bootstrap.ign was not found
1948706 - Cluster Autoscaler Operator manifests missing annotation for ibm-cloud-managed profile
1948708 - cluster-dns-operator includes a deployment with node selector of masters for the IBM cloud managed profile
1948711 - thanos querier and prometheus-adapter should have 2 replicas
1948714 - cluster-image-registry-operator targets master nodes in ibm-cloud-managed-profile
1948716 - cluster-ingress-operator deployment targets master nodes for ibm-cloud-managed profile
1948718 - cluster-network-operator deployment manifest for ibm-cloud-managed profile contains master node selector
1948719 - Machine API components should use 1.21 dependencies
1948721 - cluster-storage-operator deployment targets master nodes for ibm-cloud-managed profile
1948725 - operator lifecycle manager does not include profile annotations for ibm-cloud-managed
1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing
1948771 - ~50% of GCP upgrade jobs in 4.8 failing with "AggregatedAPIDown" alert on packages.coreos.com
1948782 - Stale references to the single-node-production-edge cluster profile
1948787 - secret.StringData shouldn't be used for reads
1948788 - Clicking an empty metrics graph (when there is no data) should still open metrics viewer
1948789 - Clicking on a metrics graph should show request and limits queries as well on the resulting metrics page
1948919 - Need minor update in message on channel modal
1948923 - [aws] installer forces the platform.aws.amiID option to be set, while installing a cluster into GovCloud or C2S region
1948926 - Memory Usage of Dashboard 'Kubernetes / Compute Resources / Pod' contain wrong CPU query
1948936 - [e2e][automation][prow] Prow script point to deleted resource
1948943 - (release-4.8) Limit the number of collected pods in the workloads gatherer
1948953 - Uninitialized cloud provider error when provisioning a cinder volume
1948963 - [RFE] Cluster-api-provider-ovirt should handle hugepages
1948966 - Add the ability to run a gather done by IO via a Kubernetes Job
1948981 - Align dependencies and libraries with latest ironic code
1948998 - style fixes by GoLand and golangci-lint
1948999 - Can not assign multiple EgressIPs to a namespace by using automatic way.
1949019 - PersistentVolumes page cannot sync project status automatically which will block user to create PV
1949022 - Openshift 4 has a zombie problem
1949039 - Wrong env name to get podnetinfo for hugepage in app-netutil
1949041 - vsphere: wrong image names in bundle
1949042 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the http2 tests (on OpenStack)
1949050 - Bump k8s to latest 1.21
1949061 - [assisted operator][nmstate] Continuous attempts to reconcile InstallEnv in the case of invalid NMStateConfig
1949063 - [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service
1949075 - Extend openshift/api for Add card customization
1949093 - PatternFly v4.96.2 regression results in a.pf-c-button hover issues
1949096 - Restore private git clone tests
1949099 - network-check-target code cleanup
1949105 - NetworkPolicy ... should enforce ingress policy allowing any port traffic to a server on a specific protocol
1949145 - Move openshift-user-critical priority class to CCO
1949155 - Console doesn't correctly check for favorited or last namespace on load if project picker used
1949180 - Pipelines plugin model kinds aren't picked up by parser
1949202 - sriov-network-operator not available from operatorhub on ppc64le
1949218 - ccoctl not included in container image
1949237 - Bump OVN: Lots of conjunction warnings in ovn-controller container logs
1949277 - operator-marketplace: deployment manifests for ibm-cloud-managed profile have master node selectors
1949294 - [assisted operator] OPENSHIFT_VERSIONS in assisted operator subscription does not propagate
1949306 - need a way to see top API accessors
1949313 - Rename vmware-vsphere- images to vsphere- images before 4.8 ships
1949316 - BaremetalHost resource automatedCleaningMode ignored due to outdated vendoring
1949347 - apiserver-watcher support for dual-stack
1949357 - manila-csi-controller pod not running due to secret lack(in another ns)
1949361 - CoreDNS resolution failure for external hostnames with "A: dns: overflow unpacking uint16"
1949364 - Mention scheduling profiles in scheduler operator repository
1949370 - Testability of: Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error
1949384 - Edit Default Pull Secret modal - i18n misses
1949387 - Fix the typo in auto node sizing script
1949404 - label selector on pvc creation page - i18n misses
1949410 - The referred role doesn't exist if create rolebinding from rolebinding tab of role page
1949411 - VolumeSnapshot, VolumeSnapshotClass and VolumeSnapshotConent Details tab is not translated - i18n misses
1949413 - Automatic boot order setting is done incorrectly when using by-path style device names
1949418 - Controller factory workers should always restart on panic()
1949419 - oauth-apiserver logs "[SHOULD NOT HAPPEN] failed to update managedFields for authentication.k8s.io/v1, Kind=TokenReview: failed to convert new object (authentication.k8s.io/v1, Kind=TokenReview)"
1949420 - [azure csi driver operator] pvc.status.capacity and pv.spec.capacity are processed not the same as in-tree plugin
1949435 - ingressclass controller doesn't recreate the openshift-default ingressclass after deleting it
1949480 - Listeners timeout are constantly being updated
1949481 - cluster-samples-operator restarts approximately two times per day and logs too many same messages
1949509 - Kuryr should manage API LB instead of CNO
1949514 - URL is not visible for routes at narrow screen widths
1949554 - Metrics of vSphere CSI driver sidecars are not collected
1949582 - OCP v4.7 installation with OVN-Kubernetes fails with error "egress bandwidth restriction -1 is not equals"
1949589 - APIRemovedInNextEUSReleaseInUse Alert Missing
1949591 - Alert does not catch removed api usage during end-to-end tests.
1949593 - rename DeprecatedAPIInUse alert to APIRemovedInNextReleaseInUse
1949612 - Install with 1.21 Kubelet is spamming logs with failed to get stats failed command 'du'
1949626 - machine-api fails to create AWS client in new regions
1949661 - Kubelet Workloads Management changes for OCPNODE-529
1949664 - Spurious keepalived liveness probe failures
1949671 - System services such as openvswitch are stopped before pod containers on system shutdown or reboot
1949677 - multus is the first pod on a new node and the last to go ready
1949711 - cvo unable to reconcile deletion of openshift-monitoring namespace
1949721 - Pick 99237: Use the audit ID of a request for better correlation
1949741 - Bump golang version of cluster-machine-approver
1949799 - ingresscontroller should deny the setting when spec.tuningOptions.threadCount exceed 64
1949810 - OKD 4.7 unable to access Project Topology View
1949818 - Add e2e test to perform MCO operation Single Node OpenShift
1949820 - Unable to use oc adm top is shortcut when asking for imagestreams
1949862 - The ccoctl tool hits the panic sometime when running the delete subcommand
1949866 - The ccoctl fails to create authentication file when running the command ccoctl aws create-identity-provider with --output-dir parameter
1949880 - adding providerParameters.gcp.clientAccess to existing ingresscontroller doesn't work
1949882 - service-idler build error
1949898 - Backport RP#848 to OCP 4.8
1949907 - Gather summary of PodNetworkConnectivityChecks
1949923 - some defined rootVolumes zones not used on installation
1949928 - Samples Operator updates break CI tests
1949935 - Fix incorrect access review check on start pipeline kebab action
1949956 - kaso: add minreadyseconds to ensure we don't have an LB outage on kas
1949967 - Update Kube dependencies in MCO to 1.21
1949972 - Descheduler metrics: populate build info data and make the metrics entries more readeable
1949978 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the h2spec conformance tests [Suite:openshift/conformance/parallel/minimal]
1949990 - (release-4.8) Extend the OLM operator gatherer to include CSV display name
1949991 - openshift-marketplace pods are crashlooping
1950007 - [CI] [UPI] easy_install is not reliable enough to be used in an image
1950026 - [Descheduler] Need better way to handle evicted pod count for removeDuplicate pod strategy
1950047 - CSV deployment template custom annotations are not propagated to deployments
1950112 - SNO: machine-config pool is degraded: error running chcon -R -t var_run_t /run/mco-machine-os-content/os-content-321709791
1950113 - in-cluster operators need an API for additional AWS tags
1950133 - MCO creates empty conditions on the kubeletconfig object
1950159 - Downstream ovn-kubernetes repo should have no linter errors
1950175 - Update Jenkins and agent base image to Go 1.16
1950196 - ssh Key is added even with 'Expose SSH access to this virtual machine' unchecked
1950210 - VPA CRDs use deprecated API version
1950219 - KnativeServing is not shown in list on global config page
1950232 - [Descheduler] - The minKubeVersion should be 1.21
1950236 - Update OKD imagestreams to prefer centos7 images
1950270 - should use "kubernetes.io/os" in the dns/ingresscontroller node selector description when executing oc explain command
1950284 - Tracking bug for NE-563 - support user-defined tags on AWS load balancers
1950341 - NetworkPolicy: allow-from-router policy does not allow access to service when the endpoint publishing strategy is HostNetwork on OpenshiftSDN network
1950379 - oauth-server is in pending/crashbackoff at beginning 50% of CI runs
1950384 - [sig-builds][Feature:Builds][sig-devex][Feature:Jenkins][Slow] openshift pipeline build perm failing
1950409 - Descheduler operator code and docs still reference v1beta1
1950417 - The Marketplace Operator is building with EOL k8s versions
1950430 - CVO serves metrics over HTTP, despite a lack of consumers
1950460 - RFE: Change Request Size Input to Number Spinner Input
1950471 - e2e-metal-ipi-ovn-dualstack is failing with etcd unable to bootstrap
1950532 - Include "update" when referring to operator approval and channel
1950543 - Document non-HA behaviors in the MCO (SingleNodeOpenshift)
1950590 - CNO: Too many OVN netFlows collectors causes ovnkube pods CrashLoopBackOff
1950653 - BuildConfig ignores Args
1950761 - Monitoring operator deployments anti-affinity rules prevent their rollout on single-node
1950908 - kube_pod_labels metric does not contain k8s labels
1950912 - [e2e][automation] add devconsole tests
1950916 - [RFE]console page show error when vm is poused
1950934 - Unnecessary rollouts can happen due to unsorted endpoints
1950935 - Updating cluster-network-operator builder & base images to be consistent with ART
1950978 - the ingressclass cannot be removed even after deleting the related custom ingresscontroller
1951007 - ovn master pod crashed
1951029 - Drainer panics on missing context for node patch
1951034 - (release-4.8) Split up the GatherClusterOperators into smaller parts
1951042 - Panics every few minutes in kubelet logs post-rebase
1951043 - Start Pipeline Modal Parameters should accept empty string defaults
1951058 - [gcp-pd-csi-driver-operator] topology and multipods capabilities are not enabled in e2e tests
1951066 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud
1951084 - avoid benign "Path \"/run/secrets/etc-pki-entitlement\" from \"/etc/containers/mounts.conf\" doesn't exist, skipping" messages
1951158 - Egress Router CRD missing Addresses entry
1951169 - Improve API Explorer discoverability from the Console
1951174 - re-pin libvirt to 6.0.0
1951203 - oc adm catalog mirror can generate ICSPs that exceed etcd's size limit
1951209 - RerunOnFailure runStrategy shows wrong VM status (Starting) on Succeeded VMI
1951212 - User/Group details shows unrelated subjects in role bindings tab
1951214 - VM list page crashes when the volume type is sysprep
1951339 - Cluster-version operator does not manage operand container environments when manifest lacks opinions
1951387 - opm index add doesn't respect deprecated bundles
1951412 - Configmap gatherer can fail incorrectly
1951456 - Docs and linting fixes
1951486 - Replace "kubevirt_vmi_network_traffic_bytes_total" with new metrics names
1951505 - Remove deprecated techPreviewUserWorkload field from CMO's configmap
1951558 - Backport Upstream 101093 for Startup Probe Fix
1951585 - enterprise-pod fails to build
1951636 - assisted service operator use default serviceaccount in operator bundle
1951637 - don't rollout a new kube-apiserver revision on oauth accessTokenInactivityTimeout changes
1951639 - Bootstrap API server unclean shutdown causes reconcile delay
1951646 - Unexpected memory climb while container not in use
1951652 - Add retries to opm index add
1951670 - Error gathering bootstrap log after pivot: The bootstrap machine did not execute the release-image.service systemd unit
1951671 - Excessive writes to ironic Nodes
1951705 - kube-apiserver needs alerts on CPU utlization
1951713 - [OCP-OSP] After changing image in machine object it enters in Failed - Can't find created instance
1951853 - dnses.operator.openshift.io resource's spec.nodePlacement.tolerations godoc incorrectly describes default behavior
1951858 - unexpected text '0' on filter toolbar on RoleBinding tab
1951860 - [4.8] add Intel XXV710 NIC model (1572) support in SR-IOV Operator
1951870 - sriov network resources injector: user defined injection removed existing pod annotations
1951891 - [migration] cannot change ClusterNetwork CIDR during migration
1951952 - [AWS CSI Migration] Metrics for cloudprovider error requests are lost
1952001 - Delegated authentication: reduce the number of watch requests
1952032 - malformatted assets in CMO
1952045 - Mirror nfs-server image used in jenkins-e2e
1952049 - Helm: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1952079 - rebase openshift/sdn to kube 1.21
1952111 - Optimize importing from @patternfly/react-tokens
1952174 - DNS operator claims to be done upgrading before it even starts
1952179 - OpenStack Provider Ports UI Underscore Variables
1952187 - Pods stuck in ImagePullBackOff with errors like rpc error: code = Unknown desc = Error committing the finished image: image with ID "SomeLongID" already exists, but uses a different top layer: that ID
1952211 - cascading mounts happening exponentially on when deleting openstack-cinder-csi-driver-node pods
1952214 - Console Devfile Import Dev Preview broken
1952238 - Catalog pods don't report termination logs to catalog-operator
1952262 - Need support external gateway via hybrid overlay
1952266 - etcd operator bumps status.version[name=operator] before operands update
1952268 - etcd operator should not set Degraded=True EtcdMembersDegraded on healthy machine-config node reboots
1952282 - CSR approver races with nodelink controller and does not requeue
1952310 - VM cannot start up if the ssh key is added by another template
1952325 - [e2e][automation] Check support modal in ssh tests and skip template parentSupport
1952333 - openshift/kubernetes vulnerable to CVE-2021-3121
1952358 - Openshift-apiserver CO unavailable in fresh OCP 4.7.5 installations
1952367 - No VM status on overview page when VM is pending
1952368 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc
1952372 - VM stop action should not be there if the VM is not running
1952405 - console-operator is not reporting correct Available status
1952448 - Switch from Managed to Disabled mode: no IP removed from configuration and no container metal3-static-ip-manager stopped
1952460 - In k8s 1.21 bump '[sig-network] Firewall rule control plane should not expose well-known ports' test is disabled
1952473 - Monitor pod placement during upgrades
1952487 - Template filter does not work properly
1952495 - “Create” button on the Templates page is confuse
1952527 - [Multus] multi-networkpolicy does wrong filtering
1952545 - Selection issue when inserting YAML snippets
1952585 - Operator links for 'repository' and 'container image' should be clickable in OperatorHub
1952604 - Incorrect port in external loadbalancer config
1952610 - [aws] image-registry panics when the cluster is installed in a new region
1952611 - Tracking bug for OCPCLOUD-1115 - support user-defined tags on AWS EC2 Instances
1952618 - 4.7.4->4.7.8 Upgrade Caused OpenShift-Apiserver Outage
1952625 - Fix translator-reported text issues
1952632 - 4.8 installer should default ClusterVersion channel to stable-4.8
1952635 - Web console displays a blank page- white space instead of cluster information
1952665 - [Multus] multi-networkpolicy pod continue restart due to OOM (out of memory)
1952666 - Implement Enhancement 741 for Kubelet
1952667 - Update Readme for cluster-baremetal-operator with details about the operator
1952684 - cluster-etcd-operator: metrics controller panics on invalid response from client
1952728 - It was not clear for users why Snapshot feature was not available
1952730 - “Customize virtual machine” and the “Advanced” feature are confusing in wizard
1952732 - Users did not understand the boot source labels
1952741 - Monitoring DB: after set Time Range as Custom time range, no data display
1952744 - PrometheusDuplicateTimestamps with user workload monitoring enabled
1952759 - [RFE]It was not immediately clear what the Star icon meant
1952795 - cloud-network-config-controller CRD does not specify correct plural name
1952819 - failed to configure pod interface: error while waiting on flows for pod: timed out waiting for OVS flows
1952820 - [LSO] Delete localvolume pv is failed
1952832 - [IBM][ROKS] Enable the Web console UI to deploy OCS in External mode on IBM Cloud
1952891 - Upgrade failed due to cinder csi driver not deployed
1952904 - Linting issues in gather/clusterconfig package
1952906 - Unit tests for configobserver.go
1952931 - CI does not check leftover PVs
1952958 - Runtime error loading console in Safari 13
1953019 - [Installer][baremetal][metal3] The baremetal IPI installer fails on delete cluster with: failed to clean baremetal bootstrap storage pool
1953035 - Installer should error out if publish: Internal is set while deploying OCP cluster on any on-prem platform
1953041 - openshift-authentication-operator uses 3.9k% of its requested CPU
1953077 - Handling GCP's: Error 400: Permission accesscontextmanager.accessLevels.list is not valid for this resource
1953102 - kubelet CPU use during an e2e run increased 25% after rebase
1953105 - RHCOS system components registered a 3.5x increase in CPU use over an e2e run before and after 4/9
1953169 - endpoint slice controller doesn't handle services target port correctly
1953257 - Multiple EgressIPs per node for one namespace when "oc get hostsubnet"
1953280 - DaemonSet/node-resolver is not recreated by dns operator after deleting it
1953291 - cluster-etcd-operator: peer cert DNS SAN is populated incorrectly
1953418 - [e2e][automation] Fix vm wizard validate tests
1953518 - thanos-ruler pods failed to start up for "cannot unmarshal DNS message"
1953530 - Fix openshift/sdn unit test flake
1953539 - kube-storage-version-migrator: priorityClassName not set
1953543 - (release-4.8) Add missing sample archive data
1953551 - build failure: unexpected trampoline for shared or dynamic linking
1953555 - GlusterFS tests fail on ipv6 clusters
1953647 - prometheus-adapter should have a PodDisruptionBudget in HA topology
1953670 - ironic container image build failing because esp partition size is too small
1953680 - ipBlock ignoring all other cidr's apart from the last one specified
1953691 - Remove unused mock
1953703 - Inconsistent usage of Tech preview badge in OCS plugin of OCP Console
1953726 - Fix issues related to loading dynamic plugins
1953729 - e2e unidling test is flaking heavily on SNO jobs
1953795 - Ironic can't virtual media attach ISOs sourced from ingress routes
1953798 - GCP e2e (parallel and upgrade) regularly trigger KubeAPIErrorBudgetBurn alert, also happens on AWS
1953803 - [AWS] Installer should do pre-check to ensure user-provided private hosted zone name is valid for OCP cluster
1953810 - Allow use of storage policy in VMC environments
1953830 - The oc-compliance build does not available for OCP4.8
1953846 - SystemMemoryExceedsReservation alert should consider hugepage reservation
1953977 - [4.8] packageserver pods restart many times on the SNO cluster
1953979 - Ironic caching virtualmedia images results in disk space limitations
1954003 - Alerts shouldn't report any alerts in firing or pending state: openstack-cinder-csi-driver-controller-metrics TargetDown
1954025 - Disk errors while scaling up a node with multipathing enabled
1954087 - Unit tests for kube-scheduler-operator
1954095 - Apply user defined tags in AWS Internal Registry
1954105 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns
1954124 - oc set volume not adding storageclass to pvc which leads to issues using snapshots
1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js
1954177 - machine-api: admissionReviewVersions v1beta1 is going to be removed in 1.22
1954187 - multus: admissionReviewVersions v1beta1 is going to be removed in 1.22
1954248 - Disable Alertmanager Protractor e2e tests
1954317 - [assisted operator] Environment variables set in the subscription not being inherited by the assisted-service container
1954330 - NetworkPolicy: allow-from-router with label policy-group.network.openshift.io/ingress: "" does not work on a upgraded cluster
1954421 - Get 'Application is not available' when access Prometheus UI
1954459 - Error: Gateway Time-out display on Alerting console
1954460 - UI, The status of "Used Capacity Breakdown [Pods]" is "Not available"
1954509 - FC volume is marked as unmounted after failed reconstruction
1954540 - Lack translation for local language on pages under storage menu
1954544 - authn operator: endpoints controller should use the context it creates
1954554 - Add e2e tests for auto node sizing
1954566 - Cannot update a component (UtilizationCard) error when switching perspectives manually
1954597 - Default image for GCP does not support ignition V3
1954615 - Undiagnosed panic detected in pod: pods/openshift-cloud-credential-operator_cloud-credential-operator
1954634 - apirequestcounts does not honor max users
1954638 - apirequestcounts should indicate removedinrelease of empty instead of 2.0
1954640 - Support of gatherers with different periods
1954671 - disable volume expansion support in vsphere csi driver storage class
1954687 - localvolumediscovery and localvolumset e2es are disabled
1954688 - LSO has missing examples for localvolumesets
1954696 - [API-1009] apirequestcounts should indicate useragent
1954715 - Imagestream imports become very slow when doing many in parallel
1954755 - Multus configuration should allow for net-attach-defs referenced in the openshift-multus namespace
1954765 - CCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1954768 - baremetal-operator: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert
1954770 - Backport upstream fix for Kubelet getting stuck in DiskPressure
1954773 - OVN: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert
1954783 - [aws] support byo private hosted zone
1954790 - KCM Alert PodDisruptionBudget At and Limit do not alert with maxUnavailable or MinAvailable by percentage
1954830 - verify-client-go job is failing for release-4.7 branch
1954865 - Add necessary priority class to pod-identity-webhook deployment
1954866 - Add necessary priority class to downloads
1954870 - Add necessary priority class to network components
1954873 - dns server may not be specified for clusters with more than 2 dns servers specified by openstack.
1954891 - Add necessary priority class to pruner
1954892 - Add necessary priority class to ingress-canary
1954931 - (release-4.8) Remove legacy URL anonymization in the ClusterOperator related resources
1954937 - [API-1009] oc get apirequestcount shows blank for column REQUESTSINCURRENTHOUR
1954959 - unwanted decorator shown for revisions in topology though should only be shown only for knative services
1954972 - TechPreviewNoUpgrade featureset can be undone
1954973 - "read /proc/pressure/cpu: operation not supported" in node-exporter logs
1954994 - should update to 2.26.0 for prometheus resources label
1955051 - metrics "kube_node_status_capacity_cpu_cores" does not exist
1955089 - Support [sig-cli] oc observe works as expected test for IPv6
1955100 - Samples: APIRemovedInNextReleaseInUse info alerts display
1955102 - Add vsphere_node_hw_version_total metric to the collected metrics
1955114 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1955196 - linuxptp-daemon crash on 4.8
1955226 - operator updates apirequestcount CRD over and over
1955229 - release-openshift-origin-installer-e2e-aws-calico-4.7 is permfailing
1955256 - stop collecting API that no longer exists
1955324 - Kubernetes Autoscaler should use Go 1.16 for testing scripts
1955336 - Failure to Install OpenShift on GCP due to Cluster Name being similar to / contains "google"
1955414 - 4.8 -> 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator
1955445 - Drop crio image metrics with high cardinality
1955457 - Drop container_memory_failures_total metric because of high cardinality
1955467 - Disable collection of node_mountstats_nfs metrics in node_exporter
1955474 - [aws-ebs-csi-driver] rebase from version v1.0.0
1955478 - Drop high-cardinality metrics from kube-state-metrics which aren't used
1955517 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation
1955548 - [IPI][OSP] OCP 4.6/4.7 IPI with kuryr exceeds defined serviceNetwork range
1955554 - MAO does not react to events triggered from Validating Webhook Configurations
1955589 - thanos-querier should have a PodDisruptionBudget in HA topology
1955595 - Add DevPreviewLongLifecycle Descheduler profile
1955596 - Pods stuck in creation phase on realtime kernel SNO
1955610 - release-openshift-origin-installer-old-rhcos-e2e-aws-4.7 is permfailing
1955622 - 4.8-e2e-metal-assisted jobs: Timeout of 360 seconds expired waiting for Cluster to be in status ['installing', 'error']
1955701 - [4.8] RHCOS boot image bump for RHEL 8.4 Beta
1955749 - OCP branded templates need to be translated
1955761 - packageserver clusteroperator does not set reason or message for Available condition
1955783 - NetworkPolicy: ACL audit log message for allow-from-router policy should also include the namespace to distinguish between two policies similarly named configured in respective namespaces
1955803 - OperatorHub - console accepts any value for "Infrastructure features" annotation
1955822 - CIS Benchmark 5.4.1 Fails on ROKS 4: Prefer using secrets as files over secrets as environment variables
1955854 - Ingress clusteroperator reports Degraded=True/Available=False if any ingresscontroller is degraded or unavailable
1955862 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1955874 - Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct
1955879 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-> Removed-> Managed in configs.imageregistry with high ratio
1955969 - Workers cannot be deployed attached to multiple networks.
1956079 - Installer gather doesn't collect any networking information
1956208 - Installer should validate root volume type
1956220 - Set htt proxy system properties as expected by kubernetes-client
1956281 - Disconnected installs are failing with kubelet trying to pause image from the internet
1956334 - Event Listener Details page does not show Triggers section
1956353 - test: analyze job consistently fails
1956372 - openshift-gcp-routes causes disruption during upgrade by stopping before all pods terminate
1956405 - Bump k8s dependencies in cluster resource override admission operator
1956411 - Apply custom tags to AWS EBS volumes
1956480 - [4.8] Bootimage bump tracker
1956606 - probes FlowSchema manifest not included in any cluster profile
1956607 - Multiple manifests lack cluster profile annotations
1956609 - [cluster-machine-approver] CSRs for replacement control plane nodes not approved after restore from backup
1956610 - manage-helm-repos manifest lacks cluster profile annotations
1956611 - OLM CRD schema validation failing against CRs where the value of a string field is a blank string
1956650 - The container disk URL is empty for Windows guest tools
1956768 - aws-ebs-csi-driver-controller-metrics TargetDown
1956826 - buildArgs does not work when the value is taken from a secret
1956895 - Fix chatty kubelet log message
1956898 - fix log files being overwritten on container state loss
1956920 - can't open terminal for pods that have more than one container running
1956959 - ipv6 disconnected sno crd deployment hive reports success status and clusterdeployrmet reporting false
1956978 - Installer gather doesn't include pod names in filename
1957039 - Physical VIP for pod -> Svc -> Host is incorrectly set to an IP of 169.254.169.2 for Local GW
1957041 - Update CI e2echart with more node info
1957127 - Delegated authentication: reduce the number of watch requests
1957131 - Conformance tests for OpenStack require the Cinder client that is not included in the "tests" image
1957146 - Only run test/extended/router/idle tests on OpenshiftSDN or OVNKubernetes
1957149 - CI: "Managed cluster should start all core operators" fails with: OpenStackCinderDriverStaticResourcesControllerDegraded: "volumesnapshotclass.yaml" (string): missing dynamicClient
1957179 - Incorrect VERSION in node_exporter
1957190 - CI jobs failing due too many watch requests (prometheus-operator)
1957198 - Misspelled console-operator condition
1957227 - Issue replacing the EnvVariables using the unsupported ConfigMap
1957260 - [4.8] [gcp] Installer is missing new region/zone europe-central2
1957261 - update godoc for new build status image change trigger fields
1957295 - Apply priority classes conventions as test to openshift/origin repo
1957315 - kuryr-controller doesn't indicate being out of quota
1957349 - [Azure] Machine object showing Failed phase even node is ready and VM is running properly
1957374 - mcddrainerr doesn't list specific pod
1957386 - Config serve and validate command should be under alpha
1957446 - prepare CCO for future without v1beta1 CustomResourceDefinitions
1957502 - Infrequent panic in kube-apiserver in aws-serial job
1957561 - lack of pseudolocalization for some text on Cluster Setting page
1957584 - Routes are not getting created when using hostname without FQDN standard
1957597 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1957645 - Event "Updated PrometheusRule.monitoring.coreos.com/v1 because it changed" is frequently looped with weird empty {} changes
1957708 - e2e-metal-ipi and related jobs fail to bootstrap due to multiple VIP's
1957726 - Pod stuck in ContainerCreating - Failed to start transient scope unit: Connection timed out
1957748 - Ptp operator pod should have CPU and memory requests set but not limits
1957756 - Device Replacemet UI, The status of the disk is "replacement ready" before I clicked on "start replacement"
1957772 - ptp daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1957775 - CVO creating cloud-controller-manager too early causing upgrade failures
1957809 - [OSP] Install with invalid platform.openstack.machinesSubnet results in runtime error
1957822 - Update apiserver tlsSecurityProfile description to include Custom profile
1957832 - CMO end-to-end tests work only on AWS
1957856 - 'resource name may not be empty' is shown in CI testing
1957869 - baremetal IPI power_interface for irmc is inconsistent
1957879 - cloud-controller-manage ClusterOperator manifest does not declare relatedObjects
1957889 - Incomprehensible documentation of the GatherClusterOperatorPodsAndEvents gatherer
1957893 - ClusterDeployment / Agent conditions show "ClusterAlreadyInstalling" during each spoke install
1957895 - Cypress helper projectDropdown.shouldContain is not an assertion
1957908 - Many e2e failed requests caused by kube-storage-version-migrator-operator's version reads
1957926 - "Add Capacity" should allow to add n3 (or n4) local devices at once
1957951 - [aws] destroy can get blocked on instances stuck in shutting-down state
1957967 - Possible test flake in listPage Cypress view
1957972 - Leftover templates from mdns
1957976 - Ironic execute_deploy_steps command to ramdisk times out, resulting in a failed deployment in 4.7
1957982 - Deployment Actions clickable for view-only projects
1957991 - ClusterOperatorDegraded can fire during installation
1958015 - "config-reloader-cpu" and "config-reloader-memory" flags have been deprecated for prometheus-operator
1958080 - Missing i18n for login, error and selectprovider pages
1958094 - Audit log files are corrupted sometimes
1958097 - don't show "old, insecure token format" if the token does not actually exist
1958114 - Ignore staged vendor files in pre-commit script
1958126 - [OVN]Egressip doesn't take effect
1958158 - OAuth proxy container for AlertManager and Thanos are flooding the logs
1958216 - ocp libvirt: dnsmasq options in install config should allow duplicate option names
1958245 - cluster-etcd-operator: static pod revision is not visible from etcd logs
1958285 - Deployment considered unhealthy despite being available and at latest generation
1958296 - OLM must explicitly alert on deprecated APIs in use
1958329 - pick 97428: add more context to log after a request times out
1958367 - Build metrics do not aggregate totals by build strategy
1958391 - Update MCO KubeletConfig to mixin the API Server TLS Security Profile Singleton
1958405 - etcd: current health checks and reporting are not adequate to ensure availability
1958406 - Twistlock flags mode of /var/run/crio/crio.sock
1958420 - openshift-install 4.7.10 fails with segmentation error
1958424 - aws: support more auth options in manual mode
1958439 - Install/Upgrade button on Install/Upgrade Helm Chart page does not work with Form View
1958492 - CCO: pod-identity-webhook still accesses APIRemovedInNextReleaseInUse
1958643 - All pods creation stuck due to SR-IOV webhook timeout
1958679 - Compression on pool can't be disabled via UI
1958753 - VMI nic tab is not loadable
1958759 - Pulling Insights report is missing retry logic
1958811 - VM creation fails on API version mismatch
1958812 - Cluster upgrade halts as machine-config-daemon fails to parse rpm-ostree status during cluster upgrades
1958861 - [CCO] pod-identity-webhook certificate request failed
1958868 - ssh copy is missing when vm is running
1958884 - Confusing error message when volume AZ not found
1958913 - "Replacing an unhealthy etcd member whose node is not ready" procedure results in new etcd pod in CrashLoopBackOff
1958930 - network config in machine configs prevents addition of new nodes with static networking via kargs
1958958 - [SCALE] segfault with ovnkube adding to address set
1958972 - [SCALE] deadlock in ovn-kube when scaling up to 300 nodes
1959041 - LSO Cluster UI,"Troubleshoot" link does not exist after scale down osd pod
1959058 - ovn-kubernetes has lock contention on the LSP cache
1959158 - packageserver clusteroperator Available condition set to false on any Deployment spec change
1959177 - Descheduler dev manifests are missing permissions
1959190 - Set LABEL io.openshift.release.operator=true for driver-toolkit image addition to payload
1959194 - Ingress controller should use minReadySeconds because otherwise it is disrupted during deployment updates
1959278 - Should remove prometheus servicemonitor from openshift-user-workload-monitoring
1959294 - openshift-operator-lifecycle-manager:olm-operator-serviceaccount should not rely on external networking for health check
1959327 - Degraded nodes on upgrade - Cleaning bootversions: Read-only file system
1959406 - Difficult to debug performance on ovn-k without pprof enabled
1959471 - Kube sysctl conformance tests are disabled, meaning we can't submit conformance results
1959479 - machines doesn't support dual-stack loadbalancers on Azure
1959513 - Cluster-kube-apiserver does not use library-go for audit pkg
1959519 - Operand details page only renders one status donut no matter how many 'podStatuses' descriptors are used
1959550 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console
1959564 - Test verify /run filesystem contents failing
1959648 - oc adm top --help indicates that oc adm top can display storage usage while it cannot
1959650 - Gather SDI-related MachineConfigs
1959658 - showing a lot "constructing many client instances from the same exec auth config"
1959696 - Deprecate 'ConsoleConfigRoute' struct in console-operator config
1959699 - [RFE] Collect LSO pod log and daemonset log managed by LSO
1959703 - Bootstrap gather gets into an infinite loop on bootstrap-in-place mode
1959711 - Egressnetworkpolicy doesn't work when configure the EgressIP
1959786 - [dualstack]EgressIP doesn't work on dualstack cluster for IPv6
1959916 - Console not works well against a proxy in front of openshift clusters
1959920 - UEFISecureBoot set not on the right master node
1959981 - [OCPonRHV] - Affinity Group should not create by default if we define empty affinityGroupsNames: []
1960035 - iptables is missing from ose-keepalived-ipfailover image
1960059 - Remove "Grafana UI" link from Console Monitoring > Dashboards page
1960089 - ImageStreams list page, detail page and breadcrumb are not following CamelCase conventions
1960129 - [e2e][automation] add smoke tests about VM pages and actions
1960134 - some origin images are not public
1960171 - Enable SNO checks for image-registry
1960176 - CCO should recreate a user for the component when it was removed from the cloud providers
1960205 - The kubelet log flooded with reconcileState message once CPU manager enabled
1960255 - fixed obfuscation permissions
1960257 - breaking changes in pr template
1960284 - ExternalTrafficPolicy Local does not preserve connections correctly on shutdown, policy Cluster has significant performance cost
1960323 - Address issues raised by coverity security scan
1960324 - manifests: extra "spec.version" in console quickstarts makes CVO hotloop
1960330 - manifests: invalid selector in ServiceMonitor makes CVO hotloop
1960334 - manifests: invalid selector in ServiceMonitor makes CVO hotloop
1960337 - manifests: invalid selector in ServiceMonitor makes CVO hotloop
1960339 - manifests: unset "preemptionPolicy" makes CVO hotloop
1960531 - Items under 'Current Bandwidth' for Dashboard 'Kubernetes / Networking / Pod' keep added for every access
1960534 - Some graphs of console dashboards have no legend and tooltips are difficult to undstand compared with grafana
1960546 - Add virt_platform metric to the collected metrics
1960554 - Remove rbacv1beta1 handling code
1960612 - Node disk info in overview/details does not account for second drive where /var is located
1960619 - Image registry integration tests use old-style OAuth tokens
1960683 - GlobalConfigPage is constantly requesting resources
1960711 - Enabling IPsec runtime causing incorrect MTU on Pod interfaces
1960716 - Missing details for debugging
1960732 - Outdated manifests directory in CSI driver operator repositories
1960757 - [OVN] hostnetwork pod can access MCS port 22623 or 22624 on master
1960758 - oc debug / oc adm must-gather do not require openshift/tools and openshift/must-gather to be "the newest"
1960767 - /metrics endpoint of the Grafana UI is accessible without authentication
1960780 - CI: failed to create PDB "service-test" the server could not find the requested resource
1961064 - Documentation link to network policies is outdated
1961067 - Improve log gathering logic
1961081 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget in CMO logs
1961091 - Gather MachineHealthCheck definitions
1961120 - CSI driver operators fail when upgrading a cluster
1961173 - recreate existing static pod manifests instead of updating
1961201 - [sig-network-edge] DNS should answer A and AAAA queries for a dual-stack service is constantly failing
1961314 - Race condition in operator-registry pull retry unit tests
1961320 - CatalogSource does not emit any metrics to indicate if it's ready or not
1961336 - Devfile sample for BuildConfig is not defined
1961356 - Update single quotes to double quotes in string
1961363 - Minor string update for " No Storage classes found in cluster, adding source is disabled."
1961393 - DetailsPage does not work with group~version~kind
1961452 - Remove "Alertmanager UI" link from Console Monitoring > Alerting page
1961466 - Some dropdown placeholder text on route creation page is not translated
1961472 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true
1961506 - NodePorts do not work on RHEL 7.9 workers (was "4.7 -> 4.8 upgrade is stuck at Ingress operator Degraded with rhel 7.9 workers")
1961536 - clusterdeployment without pull secret is crashing assisted service pod
1961538 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop
1961545 - Fixing Documentation Generation
1961550 - HAproxy pod logs showing error "another server named 'pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080' was already defined at line 326, please use distinct names"
1961554 - respect the shutdown-delay-duration from OpenShiftAPIServerConfig
1961561 - The encryption controllers send lots of request to an API server
1961582 - Build failure on s390x
1961644 - NodeAuthenticator tests are failing in IPv6
1961656 - driver-toolkit missing some release metadata
1961675 - Kebab menu of taskrun contains Edit options which should not be present
1961701 - Enhance gathering of events
1961717 - Update runtime dependencies to Wallaby builds for bugfixes
1961829 - Quick starts prereqs not shown when description is long
1961852 - Excessive lock contention when adding many pods selected by the same NetworkPolicy
1961878 - Add Sprint 199 translations
1961897 - Remove history listener before console UI is unmounted
1961925 - New ManagementCPUsOverride admission plugin blocks pod creation in clusters with no nodes
1962062 - Monitoring dashboards should support default values of "All"
1962074 - SNO:the pod get stuck in CreateContainerError and prompt "failed to add conmon to systemd sandbox cgroup: dial unix /run/systemd/private: connect: resource temporarily unavailable" after adding a performanceprofile
1962095 - Replace gather-job image without FQDN
1962153 - VolumeSnapshot routes are ambiguous, too generic
1962172 - Single node CI e2e tests kubelet metrics endpoints intermittent downtime
1962219 - NTO relies on unreliable leader-for-life implementation.
1962256 - use RHEL8 as the vm-example
1962261 - Monitoring components requesting more memory than they use
1962274 - OCP on RHV installer fails to generate an install-config with only 2 hosts in RHV cluster
1962347 - Cluster does not exist logs after successful installation
1962392 - After upgrade from 4.5.16 to 4.6.17, customer's application is seeing re-transmits
1962415 - duplicate zone information for in-tree PV after enabling migration
1962429 - Cannot create windows vm because kubemacpool.io denied the request
1962525 - [Migration] SDN migration stuck on MCO on RHV cluster
1962569 - NetworkPolicy details page should also show Egress rules
1962592 - Worker nodes restarting during OS installation
1962602 - Cloud credential operator scrolls info "unable to provide upcoming..." on unsupported platform
1962630 - NTO: Ship the current upstream TuneD
1962687 - openshift-kube-storage-version-migrator pod failed due to Error: container has runAsNonRoot and image will run as root
1962698 - Console-operator can not create resource console-public configmap in the openshift-config-managed namespace
1962718 - CVE-2021-29622 prometheus: open redirect under the /new endpoint
1962740 - Add documentation to Egress Router
1962850 - [4.8] Bootimage bump tracker
1962882 - Version pod does not set priorityClassName
1962905 - Ramdisk ISO source defaulting to "http" breaks deployment on a good amount of BMCs
1963068 - ironic container should not specify the entrypoint
1963079 - KCM/KS: ability to enforce localhost communication with the API server.
1963154 - Current BMAC reconcile flow skips Ironic's deprovision step
1963159 - Add Sprint 200 translations
1963204 - Update to 8.4 IPA images
1963205 - Installer is using old redirector
1963208 - Translation typos/inconsistencies for Sprint 200 files
1963209 - Some strings in public.json have errors
1963211 - Fix grammar issue in kubevirt-plugin.json string
1963213 - Memsource download script running into API error
1963219 - ImageStreamTags not internationalized
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
1963267 - Warning: Invalid DOM property classname. Did you mean className? console warnings in volumes table
1963502 - create template from is not descriptive
1963676 - in vm wizard when selecting an os template it looks like selecting the flavor too
1963833 - Cluster monitoring operator crashlooping on single node clusters due to segfault
1963848 - Use OS-shipped stalld vs. the NTO-shipped one.
1963866 - NTO: use the latest k8s 1.21.1 and openshift vendor dependencies
1963871 - cluster-etcd-operator:[build] upgrade to go 1.16
1963896 - The VM disks table does not show easy links to PVCs
1963912 - "[sig-network] DNS should provide DNS for {services, cluster, subdomain, hostname}" failures on vsphere
1963932 - Installation failures in bootstrap in OpenStack release jobs
1963964 - Characters are not escaped on config ini file causing Kuryr bootstrap to fail
1964059 - rebase openshift/sdn to kube 1.21.1
1964197 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration
1964203 - e2e-metal-ipi, e2e-metal-ipi-ovn-dualstack and e2e-metal-ipi-ovn-ipv6 are failing due to "Unknown provider baremetal"
1964243 - The oc compliance fetch-raw doesn’t work for disconnected cluster
1964270 - Failed to install 'cluster-kube-descheduler-operator' with error: "clusterkubedescheduleroperator.4.8.0-202105211057.p0.assembly.stream\": must be no more than 63 characters"
1964319 - Network policy "deny all" interpreted as "allow all" in description page
1964334 - alertmanager/prometheus/thanos-querier /metrics endpoints are not secured
1964472 - Make project and namespace requirements more visible rather than giving me an error after submission
1964486 - Bulk adding of CIDR IPS to whitelist is not working
1964492 - Pick 102171: Implement support for watch initialization in P&F
1964625 - NETID duplicate check is only required in NetworkPolicy Mode
1964748 - Sync upstream 1.7.2 downstream
1964756 - PVC status is always in 'Bound' status when it is actually cloning
1964847 - Sanity check test suite missing from the repo
1964888 - opoenshift-apiserver imagestreamimports depend on >34s timeout support, WAS: transport: loopyWriter.run returning. connection error: desc = "transport is closing"
1964936 - error log for "oc adm catalog mirror" is not correct
1964979 - Add mapping from ACI to infraenv to handle creation order issues
1964997 - Helm Library charts are showing and can be installed from Catalog
1965024 - [DR] backup and restore should perform consistency checks on etcd snapshots
1965092 - [Assisted-4.7] [Staging][OLM] Operators deployments start before all workers finished installation
1965283 - 4.7->4.8 upgrades: cluster operators are not ready: openshift-controller-manager (Upgradeable=Unknown NoData: ), service-ca (Upgradeable=Unknown NoData:
1965330 - oc image extract fails due to security capabilities on files
1965334 - opm index add fails during image extraction
1965367 - Typo in in etcd-metric-serving-ca resource name
1965370 - "Route" is not translated in Korean or Chinese
1965391 - When storage class is already present wizard do not jumps to "Stoarge and nodes"
1965422 - runc is missing Provides oci-runtime in rpm spec
1965522 - [v2v] Multiple typos on VM Import screen
1965545 - Pod stuck in ContainerCreating: Unit ...slice already exists
1965909 - Replace "Enable Taint Nodes" by "Mark nodes as dedicated"
1965921 - [oVirt] High performance VMs shouldn't be created with Existing policy
1965929 - kube-apiserver should use cert auth when reaching out to the oauth-apiserver with a TokenReview request
1966077 - hidden descriptor is visible in the Operator instance details page1966116 - DNS SRV request which worked in 4.7.9 stopped working in 4.7.11
1966126 - root_ca_cert_publisher_sync_duration_seconds metric can have an excessive cardinality
1966138 - (release-4.8) Update K8s & OpenShift API versions
1966156 - Issue with Internal Registry CA on the service pod
1966174 - No storage class is installed, OCS and CNV installations fail
1966268 - Workaround for Network Manager not supporting nmconnections priority
1966401 - Revamp Ceph Table in Install Wizard flow
1966410 - kube-controller-manager should not trigger APIRemovedInNextReleaseInUse alert
1966416 - (release-4.8) Do not exceed the data size limit
1966459 - 'policy/v1beta1 PodDisruptionBudget' and 'batch/v1beta1 CronJob' appear in image-registry-operator log
1966487 - IP address in Pods list table are showing node IP other than pod IP
1966520 - Add button from ocs add capacity should not be enabled if there are no PV's
1966523 - (release-4.8) Gather MachineAutoScaler definitions
1966546 - [master] KubeAPI - keep day1 after cluster is successfully installed
1966561 - Workload partitioning annotation workaround needed for CSV annotation propagation bug
1966602 - don't require manually setting IPv6DualStack feature gate in 4.8
1966620 - The bundle.Dockerfile in the repo is obsolete
1966632 - [4.8.0] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install
1966654 - Alertmanager PDB is not created, but Prometheus UWM is
1966672 - Add Sprint 201 translations
1966675 - Admin console string updates
1966677 - Change comma to semicolon
1966683 - Translation bugs from Sprint 201 files
1966684 - Verify "Creating snapshot for claim <1>{pvcName}</1>" displays correctly
1966697 - Garbage collector logs every interval - move to debug level
1966717 - include full timestamps in the logs
1966759 - Enable downstream plugin for Operator SDK
1966795 - [tests] Release 4.7 broken due to the usage of wrong OCS version
1966813 - "Replacing an unhealthy etcd member whose node is not ready" procedure results in new etcd pod in CrashLoopBackOff
1966862 - vsphere IPI - local dns prepender is not prepending nameserver 127.0.0.1
1966892 - [master] [Assisted-4.8][SNO] SNO node cannot transition into "Writing image to disk" from "Waiting for bootkub[e"
1966952 - [4.8.0] [Assisted-4.8][SNO][Dual Stack] DHCPv6 settings "ipv6.dhcp-duid=ll" missing from dual stack install
1967104 - [4.8.0] InfraEnv ctrl: log the amount of NMstate Configs baked into the image
1967126 - [4.8.0] [DOC] KubeAPI docs should clarify that the InfraEnv Spec pullSecretRef is currently ignored
1967197 - 404 errors loading some i18n namespaces
1967207 - Getting started card: console customization resources link shows other resources
1967208 - Getting started card should use semver library for parsing the version instead of string manipulation
1967234 - Console is continuously polling for ConsoleLink acm-link
1967275 - Awkward wrapping in getting started dashboard card
1967276 - Help menu tooltip overlays dropdown
1967398 - authentication operator still uses previous deleted pod ip rather than the new created pod ip to do health check
1967403 - (release-4.8) Increase workloads fingerprint gatherer pods limit
1967423 - [master] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion
1967444 - openshift-local-storage pods found with invalid priority class, should be openshift-user-critical or begin with system- while running e2e tests
1967531 - the ccoctl tool should extend MaxItems when listRoles, the default value 100 is a little small
1967578 - [4.8.0] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion
1967591 - The ManagementCPUsOverride admission plugin should not mutate containers with the limit
1967595 - Fixes the remaining lint issues
1967614 - prometheus-k8s pods can't be scheduled due to volume node affinity conflict
1967623 - [OCPonRHV] - ./openshift-install installation with install-config doesn't work if ovirt-config.yaml doesn't exist and user should fill the FQDN URL
1967625 - Add OpenShift Dockerfile for cloud-provider-aws
1967631 - [4.8.0] Cluster install failed due to timeout while "Waiting for control plane"
1967633 - [4.8.0] [Assisted-4.8][SNO] SNO node cannot transition into "Writing image to disk" from "Waiting for bootkube"
1967639 - Console whitescreens if user preferences fail to load
1967662 - machine-api-operator should not use deprecated "platform" field in infrastructures.config.openshift.io
1967667 - Add Sprint 202 Round 1 translations
1967713 - Insights widget shows invalid link to the OCM
1967717 - Insights Advisor widget is missing a description paragraph and contains deprecated naming
1967745 - When setting DNS node placement by toleration to not tolerate master node, effect value should not allow string other than "NoExecute"
1967803 - should update to 7.5.5 for grafana resources version label
1967832 - Add more tests for periodic.go
1967833 - Add tasks pool to tasks_processing
1967842 - Production logs are spammed on "OCS requirements validation status Insufficient hosts to deploy OCS. A minimum of 3 hosts is required to deploy OCS"
1967843 - Fix null reference to messagesToSearch in gather_logs.go
1967902 - [4.8.0] Assisted installer chrony manifests missing index numberring
1967933 - Network-Tools debug scripts not working as expected
1967945 - [4.8.0] [assisted operator] Assisted Service Postgres crashes msg: "mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied"
1968019 - drain timeout and pool degrading period is too short
1968067 - [master] Agent validation not including reason for being insufficient
1968168 - [4.8.0] KubeAPI - keep day1 after cluster is successfully installed
1968175 - [4.8.0] Agent validation not including reason for being insufficient
1968373 - [4.8.0] BMAC re-attaches installed node on ISO regeneration
1968385 - [4.8.0] Infra env require pullSecretRef although it shouldn't be required
1968435 - [4.8.0] Unclear message in case of missing clusterImageSet
1968436 - Listeners timeout updated to remain using default value
1968449 - [4.8.0] Wrong Install-config override documentation
1968451 - [4.8.0] Garbage collector not cleaning up directories of removed clusters
1968452 - [4.8.0] [doc] "Mirror Registry Configuration" doc section needs clarification of functionality and limitations
1968454 - [4.8.0] backend events generated with wrong namespace for agent
1968455 - [4.8.0] Assisted Service operator's controllers are starting before the base service is ready
1968515 - oc should set user-agent when talking with registry
1968531 - Sync upstream 1.8.0 downstream
1968558 - [sig-cli] oc adm storage-admin [Suite:openshift/conformance/parallel] doesn't clean up properly
1968567 - [OVN] Egress router pod not running and openshift.io/scc is restricted
1968625 - Pods using sr-iov interfaces failign to start for Failed to create pod sandbox
1968700 - catalog-operator crashes when status.initContainerStatuses[].state.waiting is nil
1968701 - Bare metal IPI installation is failed due to worker inspection failure
1968754 - CI: e2e-metal-ipi-upgrade failing on KubeletHasDiskPressure, which triggers machine-config RequiredPoolsFailed
1969212 - [FJ OCP4.8 Bug - PUBLIC VERSION]: Masters repeat reboot every few minutes during workers provisioning
1969284 - Console Query Browser: Can't reset zoom to fixed time range after dragging to zoom
1969315 - [4.8.0] BMAC doesn't check if ISO Url changed before queuing BMH for reconcile
1969352 - [4.8.0] Creating BareMetalHost without the "inspect.metal3.io" does not automatically add it
1969363 - [4.8.0] Infra env should show the time that ISO was generated.
1969367 - [4.8.0] BMAC should wait for an ISO to exist for 1 minute before using it
1969386 - Filesystem's Utilization doesn't show in VM overview tab
1969397 - OVN bug causing subports to stay DOWN fails installations
1969470 - [4.8.0] Misleading error in case of install-config override bad input
1969487 - [FJ OCP4.8 Bug]: Avoid always do delete_configuration clean step
1969525 - Replace golint with revive
1969535 - Topology edit icon does not link correctly when branch name contains slash
1969538 - Install a VolumeSnapshotClass by default on CSI Drivers that support it
1969551 - [4.8.0] Assisted service times out on GetNextSteps due tooc adm release infotaking too long
1969561 - Test "an end user can use OLM can subscribe to the operator" generates deprecation alert
1969578 - installer: accesses v1beta1 RBAC APIs and causes APIRemovedInNextReleaseInUse to fire
1969599 - images without registry are being prefixed with registry.hub.docker.com instead of docker.io
1969601 - manifest for networks.config.openshift.io CRD uses deprecated apiextensions.k8s.io/v1beta1
1969626 - Portfoward stream cleanup can cause kubelet to panic
1969631 - EncryptionPruneControllerDegraded: etcdserver: request timed out
1969681 - MCO: maxUnavailable of ds/machine-config-daemon does not get updated due to missing resourcemerge check
1969712 - [4.8.0] Assisted service reports a malformed iso when we fail to download the base iso
1969752 - [4.8.0] [assisted operator] Installed Clusters are missing DNS setups
1969773 - [4.8.0] Empty cluster name on handleEnsureISOErrors log after applying InfraEnv.yaml
1969784 - WebTerminal widget should send resize events
1969832 - Applying a profile with multiple inheritance where parents include a common ancestor fails
1969891 - Fix rotated pipelinerun status icon issue in safari
1969900 - Test files should not use deprecated APIs that will trigger APIRemovedInNextReleaseInUse
1969903 - Provisioning a large number of hosts results in an unexpected delay in hosts becoming available
1969951 - Cluster local doesn't work for knative services created from dev console
1969969 - ironic-rhcos-downloader container uses and old base image
1970062 - ccoctl does not work with STS authentication
1970068 - ovnkube-master logs "Failed to find node ips for gateway" error
1970126 - [4.8.0] Disable "metrics-events" when deploying using the operator
1970150 - master pool is still upgrading when machine config reports level / restarts on osimageurl change
1970262 - [4.8.0] Remove Agent CRD Status fields not needed
1970265 - [4.8.0] Add State and StateInfo to DebugInfo in ACI and Agent CRDs
1970269 - [4.8.0] missing role in agent CRD
1970271 - [4.8.0] Add ProgressInfo to Agent and AgentClusterInstalll CRDs
1970381 - Monitoring dashboards: Custom time range inputs should retain their values
1970395 - [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed
1970401 - [4.8.0] AgentLabelSelector is required yet not supported
1970415 - SR-IOV Docs needs documentation for disabling port security on a network
1970470 - Add pipeline annotation to Secrets which are created for a private repo
1970494 - [4.8.0] Missing value-filling of log line in assisted-service operator pod
1970624 - 4.7->4.8 updates: AggregatedAPIDown for v1beta1.metrics.k8s.io
1970828 - "500 Internal Error" for all openshift-monitoring routes
1970975 - 4.7 -> 4.8 upgrades on AWS take longer than expected
1971068 - Removing invalid AWS instances from the CF templates
1971080 - 4.7->4.8 CI: KubePodNotReady due to MCD's 5m sleep between drain attempts
1971188 - Web Console does not show OpenShift Virtualization Menu with VirtualMachine CRDs of version v1alpha3 !
1971293 - [4.8.0] Deleting agent from one namespace causes all agents with the same name to be deleted from all namespaces
1971308 - [4.8.0] AI KubeAPI AgentClusterInstall confusing "Validated" condition about VIP not matching machine network
1971529 - [Dummy bug for robot] 4.7.14 upgrade to 4.8 and then downgrade back to 4.7.14 doesn't work - clusteroperator/kube-apiserver is not upgradeable
1971589 - [4.8.0] Telemetry-client won't report metrics in case the cluster was installed using the assisted operator
1971630 - [4.8.0] ACM/ZTP with Wan emulation fails to start the agent service
1971632 - [4.8.0] ACM/ZTP with Wan emulation, several clusters fail to step past discovery
1971654 - [4.8.0] InfraEnv controller should always requeue for backend response HTTP StatusConflict (code 409)
1971739 - Keep /boot RW when kdump is enabled
1972085 - [4.8.0] Updating configmap within AgentServiceConfig is not logged properly
1972128 - ironic-static-ip-manager container still uses 4.7 base image
1972140 - [4.8.0] ACM/ZTP with Wan emulation, SNO cluster installs do not show as installed although they are
1972167 - Several operators degraded because Failed to create pod sandbox when installing an sts cluster
1972213 - Openshift Installer| UEFI mode | BM hosts have BIOS halted
1972262 - [4.8.0] "baremetalhost.metal3.io/detached" uses boolean value where string is expected
1972426 - Adopt failure can trigger deprovisioning
1972436 - [4.8.0] [DOCS] AgentServiceConfig examples in operator.md doc should each contain databaseStorage + filesystemStorage
1972526 - [4.8.0] clusterDeployments controller should send an event to InfraEnv for backend cluster registration
1972530 - [4.8.0] no indication for missing debugInfo in AgentClusterInstall
1972565 - performance issues due to lost node, pods taking too long to relaunch
1972662 - DPDK KNI modules need some additional tools
1972676 - Requirements for authenticating kernel modules with X.509
1972687 - Using bound SA tokens causes causes failures to /apis/authorization.openshift.io/v1/clusterrolebindings
1972690 - [4.8.0] infra-env condition message isn't informative in case of missing pull secret
1972702 - [4.8.0] Domain dummy.com (not belonging to Red Hat) is being used in a default configuration
1972768 - kube-apiserver setup fail while installing SNO due to port being used
1972864 - Newlocal-with-fallback` service annotation does not preserve source IP
1973018 - Ironic rhcos downloader breaks image cache in upgrade process from 4.7 to 4.8
1973117 - No storage class is installed, OCS and CNV installations fail
1973233 - remove kubevirt images and references
1973237 - RHCOS-shipped stalld systemd units do not use SCHED_FIFO to run stalld.
1973428 - Placeholder bug for OCP 4.8.0 image release
1973667 - [4.8] NetworkPolicy tests were mistakenly marked skipped
1973672 - fix ovn-kubernetes NetworkPolicy 4.7->4.8 upgrade issue
1973995 - [Feature:IPv6DualStack] tests are failing in dualstack
1974414 - Uninstalling kube-descheduler clusterkubedescheduleroperator.4.6.0-202106010807.p0.git.5db84c5 removes some clusterrolebindings
1974447 - Requirements for nvidia GPU driver container for driver toolkit
1974677 - [4.8.0] KubeAPI CVO progress is not available on CR/conditions only in events.
1974718 - Tuned net plugin fails to handle net devices with n/a value for a channel
1974743 - [4.8.0] All resources not being cleaned up after clusterdeployment deletion
1974746 - [4.8.0] File system usage not being logged appropriately
1974757 - [4.8.0] Assisted-service deployed on an IPv6 cluster installed with proxy: agentclusterinstall shows error pulling an image from quay.
1974773 - Using bound SA tokens causes fail to query cluster resource especially in a sts cluster
1974839 - CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string
1974850 - [4.8] coreos-installer failing Execshield
1974931 - [4.8.0] Assisted Service Operator should be Infrastructure Operator for Red Hat OpenShift
1974978 - 4.8.0.rc0 upgrade hung, stuck on DNS clusteroperator progressing
1975155 - Kubernetes service IP cannot be accessed for rhel worker
1975227 - [4.8.0] KubeAPI Move conditions consts to CRD types
1975360 - [4.8.0] [master] timeout on kubeAPI subsystem test: SNO full install and validate MetaData
1975404 - [4.8.0] Confusing behavior when multi-node spoke workers present when only controlPlaneAgents specified
1975432 - Alert InstallPlanStepAppliedWithWarnings does not resolve
1975527 - VMware UPI is configuring static IPs via ignition rather than afterburn
1975672 - [4.8.0] Production logs are spammed on "Found unpreparing host: id 08f22447-2cf1-a107-eedf-12c7421f7380 status insufficient"
1975789 - worker nodes rebooted when we simulate a case where the api-server is down
1975938 - gcp-realtime: e2e test failing [sig-storage] Multi-AZ Cluster Volumes should only be allowed to provision PDs in zones where nodes exist [Suite:openshift/conformance/parallel] [Suite:k8s]
1975964 - 4.7 nightly upgrade to 4.8 and then downgrade back to 4.7 nightly doesn't work - ingresscontroller "default" is degraded
1976079 - [4.8.0] Openshift Installer| UEFI mode | BM hosts have BIOS halted
1976263 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1976376 - disable jenkins client plugin test whose Jenkinsfile references master branch openshift/origin artifacts
1976590 - [Tracker] [SNO][assisted-operator][nmstate] Bond Interface is down when booting from the discovery ISO
1977233 - [4.8] Unable to authenticate against IDP after upgrade to 4.8-rc.1
1977351 - CVO pod skipped by workload partitioning with incorrect error stating cluster is not SNO
1977352 - [4.8.0] [SNO] No DNS to cluster API from assisted-installer-controller
1977426 - Installation of OCP 4.6.13 fails when teaming interface is used with OVNKubernetes
1977479 - CI failing on firing CertifiedOperatorsCatalogError due to slow livenessProbe responses
1977540 - sriov webhook not worked when upgrade from 4.7 to 4.8
1977607 - [4.8.0] Post making changes to AgentServiceConfig assisted-service operator is not detecting the change and redeploying assisted-service pod
1977924 - Pod fails to run when a custom SCC with a specific set of volumes is used
1980788 - NTO-shipped stalld can segfault
1981633 - enhance service-ca injection
1982250 - Performance Addon Operator fails to install after catalog source becomes ready
1982252 - olm Operator is in CrashLoopBackOff state with error "couldn't cleanup cross-namespace ownerreferences"
- References:
https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-15106 https://access.redhat.com/security/cve/CVE-2020-15112 https://access.redhat.com/security/cve/CVE-2020-15113 https://access.redhat.com/security/cve/CVE-2020-15114 https://access.redhat.com/security/cve/CVE-2020-15136 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-26541 https://access.redhat.com/security/cve/CVE-2020-28469 https://access.redhat.com/security/cve/CVE-2020-28500 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3636 https://access.redhat.com/security/cve/CVE-2021-20206 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20291 https://access.redhat.com/security/cve/CVE-2021-21419 https://access.redhat.com/security/cve/CVE-2021-21623 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-21648 https://access.redhat.com/security/cve/CVE-2021-22133 https://access.redhat.com/security/cve/CVE-2021-23337 https://access.redhat.com/security/cve/CVE-2021-23362 https://access.redhat.com/security/cve/CVE-2021-23368 https://access.redhat.com/security/cve/CVE-2021-23382 https://access.redhat.com/security/cve/CVE-2021-25735 https://access.redhat.com/security/cve/CVE-2021-25737 https://access.redhat.com/security/cve/CVE-2021-26539 https://access.redhat.com/security/cve/CVE-2021-26540 https://access.redhat.com/security/cve/CVE-2021-27292 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-29059 https://access.redhat.com/security/cve/CVE-2021-29622 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33194 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYQCOF9zjgjWX9erEAQjsEg/+NSFQdRcZpqA34LWRtxn+01y2MO0WLroQ d4o+3h0ECKYNRFKJe6n7z8MdmPpvV2uNYN0oIwidTESKHkFTReQ6ZolcV/sh7A26 Z7E+hhpTTObxAL7Xx8nvI7PNffw3CIOZSpnKws5TdrwuMkH5hnBSSZntP5obp9Vs ImewWWl7CNQtFewtXbcmUojNzIvU1mujES2DTy2ffypLoOW6kYdJzyWubigIoR6h gep9HKf1X4oGPuDNF5trSdxKwi6W68+VsOA25qvcNZMFyeTFhZqowot/Jh1HUHD8 TWVpDPA83uuExi/c8tE8u7VZgakWkRWcJUsIw68VJVOYGvpP6K/MjTpSuP2itgUX X//1RGQM7g6sYTCSwTOIrMAPbYH0IMbGDjcS4fSZcfg6c+WJnEpZ72ZgjHZV8mxb 1BtQSs2lil48/cwDKM0yMO2nYsKiz4DCCx2W5izP0rLwNA8Hvqh9qlFgkxJWWOvA mtBCelB0E74qrE4NXbX+MIF7+ZQKjd1evE91/VWNs0FLR/xXdP3C5ORLU3Fag0G/ 0oTV73NdxP7IXVAdsECwU2AqS9ne1y01zJKtd7hq7H/wtkbasqCNq5J7HikJlLe6 dpKh5ZRQzYhGeQvho9WQfz/jd4HZZTcB6wxrWubbd05bYt/i/0gau90LpuFEuSDx +bLvJlpGiMg= =NJcM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the kernel. An attacker in a guest VM could use this to write to portions of the host’s physical memory. (CVE-2021-3653)
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host’s physical memory. (CVE-2021-3656)
Andy Nguyen discovered that the netfilter subsystem in the Linux kernel contained an out-of-bounds write in its setsockopt() implementation. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22555)
It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909)
Update instructions
The problem can be corrected by updating your kernel livepatch to the following versions:
Ubuntu 20.04 LTS gcp - 81.1 generic - 81.1 gke - 81.1 gkeop - 81.1 lowlatency - 81.1
Ubuntu 18.04 LTS generic - 81.1 gke - 81.1 gkeop - 81.1 lowlatency - 81.1 oem - 81.1
Ubuntu 16.04 ESM generic - 81.1 lowlatency - 81.1
Ubuntu 14.04 ESM generic - 81.1 lowlatency - 81.1
Support Information
Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible.
Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26
Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69
Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-azure - 4.15.0-1078 linux-hwe - 4.15.0-69 linux - 4.4.0-168 linux - 4.4.0-211
Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168
References
- CVE-2021-3653
- CVE-2021-3656
- CVE-2021-22555
- CVE-2021-33909
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.134"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.52"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "3.13"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.16"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.276"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.11"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.13.4"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.12.19"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.13"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.276"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.240"
},
{
"model": "sma1000",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "12.4.2-02044"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.12.43"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.198"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.10.52",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.12.19",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.13.4",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.13",
"versionStartIncluding": "3.12.43",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.276",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.276",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.240",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.19.198",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.134",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:sma1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.4.2-02044",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:sma1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163590"
},
{
"db": "PACKETSTORM",
"id": "163601"
},
{
"db": "PACKETSTORM",
"id": "163606"
},
{
"db": "PACKETSTORM",
"id": "163608"
},
{
"db": "PACKETSTORM",
"id": "163619"
},
{
"db": "PACKETSTORM",
"id": "163568"
},
{
"db": "PACKETSTORM",
"id": "163682"
},
{
"db": "PACKETSTORM",
"id": "163690"
}
],
"trust": 0.8
},
"cve": "CVE-2021-33909",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33909",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33909",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-33909",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33909"
},
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. 8.1) - ppc64le, x86_64\n\n3. Description:\n\nThis is a kernel live patch module which is automatically loaded by the RPM\npost-install script to modify the code of a running kernel. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. 7.7) - ppc64, ppc64le, x86_64\n\n3. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nBug Fix(es):\n\n* [RHEL7.9.z] n_tty_open: \"BUG: unable to handle kernel paging request\"\n(BZ#1872778)\n\n* [ESXi][RHEL7.8]\"qp_alloc_hypercall result = -20\" / \"Could not attach to\nqueue pair with -20\" with vSphere Fault Tolerance enabled (BZ#1892237)\n\n* [RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD\nwith DIAG driver returns EOPNOTSUPP (BZ#1910395)\n\n* False-positive hard lockup detected while processing the thread state\ninformation (SysRq-T) (BZ#1912221)\n\n* RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or\nmore IFL (pci) (BZ#1917943)\n\n* The NMI watchdog detected a hard lockup while printing RCU CPU stall\nwarning messages to the serial console (BZ#1924688)\n\n* nvme hangs when trying to allocate reserved tag (BZ#1926825)\n\n* [REGRESSION] \"call into AER handling regardless of severity\" triggers\ndo_recovery() unnecessarily on correctable PCIe errors (BZ#1933663)\n\n* Module nvme_core: A double free of the kmalloc-512 cache between\nnvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793)\n\n* sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at\nkernel/timer.c:1000! (BZ#1953052)\n\n* [Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit\n2a7f8c3b1d3fee is needed (BZ#1953075)\n\n* Kernel panic at cgroup_is_descendant (BZ#1957719)\n\n* [Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803)\n\n* IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap\n[7.9.z] (BZ#1960193)\n\n* mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406)\n\n* incorrect assertion on pi_state-\u003epi_mutex.wait_lock from\npi_state_update_owner() (BZ#1965495)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1824792 - CVE-2020-11668 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c\n1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function\n1961300 - CVE-2021-33033 kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c\n1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan\n1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1160.36.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm\nkernel-doc-3.10.0-1160.36.2.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.36.2.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nkernel-3.10.0-1160.36.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm\nkernel-doc-3.10.0-1160.36.2.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.36.2.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1160.36.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm\nkernel-doc-3.10.0-1160.36.2.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1160.36.2.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debug-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-devel-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-headers-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-tools-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1160.36.2.el7.ppc64.rpm\nperf-3.10.0-1160.36.2.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\npython-perf-3.10.0-1160.36.2.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1160.36.2.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debug-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-devel-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-headers-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-tools-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1160.36.2.el7.ppc64le.rpm\nperf-3.10.0-1160.36.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\npython-perf-3.10.0-1160.36.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1160.36.2.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-debug-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-devel-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-headers-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-kdump-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1160.36.2.el7.s390x.rpm\nperf-3.10.0-1160.36.2.el7.s390x.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm\npython-perf-3.10.0-1160.36.2.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1160.36.2.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1160.36.2.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1160.36.2.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm\nkernel-doc-3.10.0-1160.36.2.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.36.2.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-3.10.0-1160.36.2.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-3.10.0-1160.36.2.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.36.2.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. \nThese packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand\nperforming administrative tasks. \n\nBug Fix(es):\n\n* xfs umount hangs in xfs_wait_buftarg() due to negative bt_io_count\n(BZ#1949916)\n\n4. \n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nAnsible is a SSH-based configuration management, deployment, and task\nexecution system. The openshift-ansible packages contain Ansible code and\nplaybooks for installing and upgrading OpenShift Container Platform 3. It provides\naggressive parallelism capabilities, uses socket and D-Bus activation for\nstarting services, offers on-demand starting of daemons, and keeps track of\nprocesses using Linux cgroups. In addition, it supports snapshotting and\nrestoring of the system state, maintains mount and automount points, and\nimplements an elaborate transactional dependency-based service control\nlogic. It can also work as a drop-in replacement for sysvinit. \n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the RHEL-8.3.z source tree\n(BZ#1957359)\n\n* Placeholder bug for OCP 4.7.0 rpm release (BZ#1983534)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.8.2 bug fix and security update\nAdvisory ID: RHSA-2021:2438-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2438\nIssue date: 2021-07-27\nCVE Names: CVE-2016-2183 CVE-2020-7774 CVE-2020-15106 \n CVE-2020-15112 CVE-2020-15113 CVE-2020-15114 \n CVE-2020-15136 CVE-2020-26160 CVE-2020-26541 \n CVE-2020-28469 CVE-2020-28500 CVE-2020-28852 \n CVE-2021-3114 CVE-2021-3121 CVE-2021-3516 \n CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n CVE-2021-3537 CVE-2021-3541 CVE-2021-3636 \n CVE-2021-20206 CVE-2021-20271 CVE-2021-20291 \n CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 \n CVE-2021-21640 CVE-2021-21648 CVE-2021-22133 \n CVE-2021-23337 CVE-2021-23362 CVE-2021-23368 \n CVE-2021-23382 CVE-2021-25735 CVE-2021-25737 \n CVE-2021-26539 CVE-2021-26540 CVE-2021-27292 \n CVE-2021-28092 CVE-2021-29059 CVE-2021-29622 \n CVE-2021-32399 CVE-2021-33034 CVE-2021-33194 \n CVE-2021-33909 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.8.2 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.8.2. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2437\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel\nease-notes.html\n\nSecurity Fix(es):\n\n* SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n(CVE-2016-2183)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106)\n\n* etcd: DoS in wal/wal.go (CVE-2020-15112)\n\n* etcd: directories created via os.MkdirAll are not checked for permissions\n(CVE-2020-15113)\n\n* etcd: gateway can include itself as an endpoint resulting in resource\nexhaustion and leads to DoS (CVE-2020-15114)\n\n* etcd: no authentication is performed against endpoints provided in the\n- --endpoints flag (CVE-2020-15136)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve\n(CVE-2021-3114)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\n* containers/storage: DoS via malicious image (CVE-2021-20291)\n\n* prometheus: open redirect under the /new endpoint (CVE-2021-29622)\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\n* go.elastic.co/apm: leaks sensitive HTTP headers during panic\n(CVE-2021-22133)\n\nSpace precludes listing in detail the following additional CVEs fixes:\n(CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382),\n(CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and\n(CVE-2021-23368)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.8.2-x86_64\n\nThe image digest is\nssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.8.2-s390x\n\nThe image digest is\nsha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le\n\nThe image digest is\nsha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.8/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1725981 - oc explain does not work well with full resource.group names\n1747270 - [osp] Machine with name \"\u003ccluster-id\u003e-worker\"couldn\u0027t join the cluster\n1772993 - rbd block devices attached to a host are visible in unprivileged container pods\n1786273 - [4.6] KAS pod logs show \"error building openapi models ... has invalid property: anyOf\" for CRDs\n1786314 - [IPI][OSP] Install fails on OpenStack with self-signed certs unless the node running the installer has the CA cert in its system trusts\n1801407 - Router in v4v6 mode puts brackets around IPv4 addresses in the Forwarded header\n1812212 - ArgoCD example application cannot be downloaded from github\n1817954 - [ovirt] Workers nodes are not numbered sequentially\n1824911 - PersistentVolume yaml editor is read-only with system:persistent-volume-provisioner ClusterRole\n1825219 - openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1825417 - The containerruntimecontroller doesn\u0027t roll back to CR-1 if we delete CR-2\n1834551 - ClusterOperatorDown fires when operator is only degraded; states will block upgrades\n1835264 - Intree provisioner doesn\u0027t respect PVC.spec.dataSource sometimes\n1839101 - Some sidebar links in developer perspective don\u0027t follow same project\n1840881 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes\n1846875 - Network setup test high failure rate\n1848151 - Console continues to poll the ClusterVersion resource when the user doesn\u0027t have authority\n1850060 - After upgrading to 3.11.219 timeouts are appearing. \n1852637 - Kubelet sets incorrect image names in node status images section\n1852743 - Node list CPU column only show usage\n1853467 - container_fs_writes_total is inconsistent with CPU/memory in summarizing cgroup values\n1857008 - [Edge] [BareMetal] Not provided STATE value for machines\n1857477 - Bad helptext for storagecluster creation\n1859382 - check-endpoints panics on graceful shutdown\n1862084 - Inconsistency of time formats in the OpenShift web-console\n1864116 - Cloud credential operator scrolls warnings about unsupported platform\n1866222 - Should output all options when runing `operator-sdk init --help`\n1866318 - [RHOCS Usability Study][Dashboard] Users found it difficult to navigate to the OCS dashboard\n1866322 - [RHOCS Usability Study][Dashboard] Alert details page does not help to explain the Alert\n1866331 - [RHOCS Usability Study][Dashboard] Users need additional tooltips or definitions\n1868755 - [vsphere] terraform provider vsphereprivate crashes when network is unavailable on host\n1868870 - CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions\n1868872 - CVE-2020-15112 etcd: DoS in wal/wal.go\n1868874 - CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS\n1868880 - CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag\n1868883 - CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method\n1871303 - [sig-instrumentation] Prometheus when installed on the cluster should have important platform topology metrics\n1871770 - [IPI baremetal] The Keepalived.conf file is not indented evenly\n1872659 - ClusterAutoscaler doesn\u0027t scale down when a node is not needed anymore\n1873079 - SSH to api and console route is possible when the clsuter is hosted on Openstack\n1873649 - proxy.config.openshift.io should validate user inputs\n1874322 - openshift/oauth-proxy: htpasswd using SHA1 to store credentials\n1874931 - Accessibility - Keyboard shortcut to exit YAML editor not easily discoverable\n1876918 - scheduler test leaves taint behind\n1878199 - Remove Log Level Normalization controller in cluster-config-operator release N+1\n1878655 - [aws-custom-region] creating manifests take too much time when custom endpoint is unreachable\n1878685 - Ingress resource with \"Passthrough\" annotation does not get applied when using the newer \"networking.k8s.io/v1\" API\n1879077 - Nodes tainted after configuring additional host iface\n1879140 - console auth errors not understandable by customers\n1879182 - switch over to secure access-token logging by default and delete old non-sha256 tokens\n1879184 - CVO must detect or log resource hotloops\n1879495 - [4.6] namespace \\\u201copenshift-user-workload-monitoring\\\u201d does not exist\u201d\n1879638 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string\n1879944 - [OCP 4.8] Slow PV creation with vsphere\n1880757 - AWS: master not removed from LB/target group when machine deleted\n1880758 - Component descriptions in cloud console have bad description (Managed by Terraform)\n1881210 - nodePort for router-default metrics with NodePortService does not exist\n1881481 - CVO hotloops on some service manifests\n1881484 - CVO hotloops on deployment manifests\n1881514 - CVO hotloops on imagestreams from cluster-samples-operator\n1881520 - CVO hotloops on (some) clusterrolebindings\n1881522 - CVO hotloops on clusterserviceversions packageserver\n1881662 - Error getting volume limit for plugin kubernetes.io/\u003cname\u003e in kubelet logs\n1881694 - Evidence of disconnected installs pulling images from the local registry instead of quay.io\n1881938 - migrator deployment doesn\u0027t tolerate masters\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883587 - No option for user to select volumeMode\n1883993 - Openshift 4.5.8 Deleting pv disk vmdk after delete machine\n1884053 - cluster DNS experiencing disruptions during cluster upgrade in insights cluster\n1884800 - Failed to set up mount unit: Invalid argument\n1885186 - Removing ssh keys MC does not remove the key from authorized_keys\n1885349 - [IPI Baremetal] Proxy Information Not passed to metal3\n1885717 - activeDeadlineSeconds DeadlineExceeded does not show terminated container statuses\n1886572 - auth: error contacting auth provider when extra ingress (not default) goes down\n1887849 - When creating new storage class failure_domain is missing. \n1888712 - Worker nodes do not come up on a baremetal IPI deployment with control plane network configured on a vlan on top of bond interface due to Pending CSRs\n1889689 - AggregatedAPIErrors alert may never fire\n1890678 - Cypress: Fix \u0027structure\u0027 accesibility violations\n1890828 - Intermittent prune job failures causing operator degradation\n1891124 - CP Conformance: CRD spec and status failures\n1891301 - Deleting bmh by \"oc delete bmh\u0027 get stuck\n1891696 - [LSO] Add capacity UI does not check for node present in selected storageclass\n1891766 - [LSO] Min-Max filter\u0027s from OCS wizard accepts Negative values and that cause PV not getting created\n1892642 - oauth-server password metrics do not appear in UI after initial OCP installation\n1892718 - HostAlreadyClaimed: The new route cannot be loaded with a new api group version\n1893850 - Add an alert for requests rejected by the apiserver\n1893999 - can\u0027t login ocp cluster with oc 4.7 client without the username\n1895028 - [gcp-pd-csi-driver-operator] Volumes created by CSI driver are not deleted on cluster deletion\n1895053 - Allow builds to optionally mount in cluster trust stores\n1896226 - recycler-pod template should not be in kubelet static manifests directory\n1896321 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1896751 - [RHV IPI] Worker nodes stuck in the Provisioning Stage if the machineset has a long name\n1897415 - [Bare Metal - Ironic] provide the ability to set the cipher suite for ipmitool when doing a Bare Metal IPI install\n1897621 - Auth test.Login test.logs in as kubeadmin user: Timeout\n1897918 - [oVirt] e2e tests fail due to kube-apiserver not finishing\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1899057 - fix spurious br-ex MAC address error log\n1899187 - [Openstack] node-valid-hostname.service failes during the first boot leading to 5 minute provisioning delay\n1899587 - [External] RGW usage metrics shown on Object Service Dashboard is incorrect\n1900454 - Enable host-based disk encryption on Azure platform\n1900819 - Scaled ingress replicas following sharded pattern don\u0027t balance evenly across multi-AZ\n1901207 - Search Page - Pipeline resources table not immediately updated after Name filter applied or removed\n1901535 - Remove the managingOAuthAPIServer field from the authentication.operator API\n1901648 - \"do you need to set up custom dns\" tooltip inaccurate\n1902003 - Jobs Completions column is not sorting when there are \"0 of 1\" and \"1 of 1\" in the list. \n1902076 - image registry operator should monitor status of its routes\n1902247 - openshift-oauth-apiserver apiserver pod crashloopbackoffs\n1903055 - [OSP] Validation should fail when no any IaaS flavor or type related field are given\n1903228 - Pod stuck in Terminating, runc init process frozen\n1903383 - Latest RHCOS 47.83. builds failing to install: mount /root.squashfs failed\n1903553 - systemd container renders node NotReady after deleting it\n1903700 - metal3 Deployment doesn\u0027t have unique Pod selector\n1904006 - The --dir option doest not work for command `oc image extract`\n1904505 - Excessive Memory Use in Builds\n1904507 - vsphere-problem-detector: implement missing metrics\n1904558 - Random init-p error when trying to start pod\n1905095 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests\n1905147 - ConsoleQuickStart Card\u0027s prerequisites is a combined text instead of a list\n1905159 - Installation on previous unused dasd fails after formatting\n1905331 - openshift-multus initContainer multus-binary-copy, etc. are not requesting required resources: cpu, memory\n1905460 - Deploy using virtualmedia for disabled provisioning network on real BM(HPE) fails\n1905577 - Control plane machines not adopted when provisioning network is disabled\n1905627 - Warn users when using an unsupported browser such as IE\n1905709 - Machine API deletion does not properly handle stopped instances on AWS or GCP\n1905849 - Default volumesnapshotclass should be created when creating default storageclass\n1906056 - Bundles skipped via the `skips` field cannot be pinned\n1906102 - CBO produces standard metrics\n1906147 - ironic-rhcos-downloader should not use --insecure\n1906304 - Unexpected value NaN parsing x/y attribute when viewing pod Memory/CPU usage chart\n1906740 - [aws]Machine should be \"Failed\" when creating a machine with invalid region\n1907309 - Migrate controlflow v1alpha1 to v1beta1 in storage\n1907315 - the internal load balancer annotation for AWS should use \"true\" instead of \"0.0.0.0/0\" as value\n1907353 - [4.8] OVS daemonset is wasting resources even though it doesn\u0027t do anything\n1907614 - Update kubernetes deps to 1.20\n1908068 - Enable DownwardAPIHugePages feature gate\n1908169 - The example of Import URL is \"Fedora cloud image list\" for all templates. \n1908170 - sriov network resource injector: Hugepage injection doesn\u0027t work with mult container\n1908343 - Input labels in Manage columns modal should be clickable\n1908378 - [sig-network] pods should successfully create sandboxes by getting pod - Static Pod Failures\n1908655 - \"Evaluating rule failed\" for \"record: node:node_num_cpu:sum\" rule\n1908762 - [Dualstack baremetal cluster] multicast traffic is not working on ovn-kubernetes\n1908765 - [SCALE] enable OVN lflow data path groups\n1908774 - [SCALE] enable OVN DB memory trimming on compaction\n1908916 - CNO: turn on OVN DB RAFT diffs once all master DB pods are capable of it\n1909091 - Pod/node/ip/template isn\u0027t showing when vm is running\n1909600 - Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error\n1909849 - release-openshift-origin-installer-e2e-aws-upgrade-fips-4.4 is perm failing\n1909875 - [sig-cluster-lifecycle] Cluster version operator acknowledges upgrade : timed out waiting for cluster to acknowledge upgrade\n1910067 - UPI: openstacksdk fails on \"server group list\"\n1910113 - periodic-ci-openshift-release-master-ocp-4.5-ci-e2e-44-stable-to-45-ci is never passing\n1910318 - OC 4.6.9 Installer failed: Some pods are not scheduled: 3 node(s) didn\u0027t match node selector: AWS compute machines without status\n1910378 - socket timeouts for webservice communication between pods\n1910396 - 4.6.9 cred operator should back-off when provisioning fails on throttling\n1910500 - Could not list CSI provisioner on web when create storage class on GCP platform\n1911211 - Should show the cert-recovery-controller version correctly\n1911470 - ServiceAccount Registry Authfiles Do Not Contain Entries for Public Hostnames\n1912571 - libvirt: Support setting dnsmasq options through the install config\n1912820 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade\n1913112 - BMC details should be optional for unmanaged hosts\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913341 - GCP: strange cluster behavior in CI run\n1913399 - switch to v1beta1 for the priority and fairness APIs\n1913525 - Panic in OLM packageserver when invoking webhook authorization endpoint\n1913532 - After a 4.6 to 4.7 upgrade, a node went unready\n1913974 - snapshot test periodically failing with \"can\u0027t open \u0027/mnt/test/data\u0027: No such file or directory\"\n1914127 - Deletion of oc get svc router-default -n openshift-ingress hangs\n1914446 - openshift-service-ca-operator and openshift-service-ca pods run as root\n1914994 - Panic observed in k8s-prometheus-adapter since k8s 1.20\n1915122 - Size of the hostname was preventing proper DNS resolution of the worker node names\n1915693 - Not able to install gpu-operator on cpumanager enabled node. \n1915971 - Role and Role Binding breadcrumbs do not work as expected\n1916116 - the left navigation menu would not be expanded if repeat clicking the links in Overview page\n1916118 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall\n1916392 - scrape priority and fairness endpoints for must-gather\n1916450 - Alertmanager: add title and text fields to Adv. config. section of Slack Receiver form\n1916489 - [sig-scheduling] SchedulerPriorities [Serial] fails with \"Error waiting for 1 pods to be running - probably a timeout: Timeout while waiting for pods with labels to be ready\"\n1916553 - Default template\u0027s description is empty on details tab\n1916593 - Destroy cluster sometimes stuck in a loop\n1916872 - need ability to reconcile exgw annotations on pod add\n1916890 - [OCP 4.7] api or api-int not available during installation\n1917241 - [en_US] The tooltips of Created date time is not easy to read in all most of UIs. \n1917282 - [Migration] MCO stucked for rhel worker after enable the migration prepare state\n1917328 - It should default to current namespace when create vm from template action on details page\n1917482 - periodic-ci-openshift-release-master-ocp-4.7-e2e-metal-ipi failing with \"cannot go from state \u0027deploy failed\u0027 to state \u0027manageable\u0027\"\n1917485 - [oVirt] ovirt machine/machineset object has missing some field validations\n1917667 - Master machine config pool updates are stalled during the migration from SDN to OVNKube. \n1917906 - [oauth-server] bump k8s.io/apiserver to 1.20.3\n1917931 - [e2e-gcp-upi] failing due to missing pyopenssl library\n1918101 - [vsphere]Delete Provisioning machine took about 12 minutes\n1918376 - Image registry pullthrough does not support ICSP, mirroring e2es do not pass\n1918442 - Service Reject ACL does not work on dualstack\n1918723 - installer fails to write boot record on 4k scsi lun on s390x\n1918729 - Add hide/reveal button for the token field in the KMS configuration page\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1918785 - Pod request and limit calculations in console are incorrect\n1918910 - Scale from zero annotations should not requeue if instance type missing\n1919032 - oc image extract - will not extract files from image rootdir - \"error: unexpected directory from mapping tests.test\"\n1919048 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0\n1919151 - [Azure] dnsrecords with invalid domain should not be published to Azure dnsZone\n1919168 - `oc adm catalog mirror` doesn\u0027t work for the air-gapped cluster\n1919291 - [Cinder-csi-driver] Filesystem did not expand for on-line volume resize\n1919336 - vsphere-problem-detector should check if datastore is part of datastore cluster\n1919356 - Add missing profile annotation in cluster-update-keys manifests\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1919398 - Permissive Egress NetworkPolicy (0.0.0.0/0) is blocking all traffic\n1919406 - OperatorHub filter heading \"Provider Type\" should be \"Source\"\n1919737 - hostname lookup delays when master node down\n1920209 - Multus daemonset upgrade takes the longest time in the cluster during an upgrade\n1920221 - GCP jobs exhaust zone listing query quota sometimes due to too many initializations of cloud provider in tests\n1920300 - cri-o does not support configuration of stream idle time\n1920307 - \"VM not running\" should be \"Guest agent required\" on vm details page in dev console\n1920532 - Problem in trying to connect through the service to a member that is the same as the caller. \n1920677 - Various missingKey errors in the devconsole namespace\n1920699 - Operation cannot be fulfilled on clusterresourcequotas.quota.openshift.io error when creating different OpenShift resources\n1920901 - [4.7]\"500 Internal Error\" for prometheus route in https_proxy cluster\n1920903 - oc adm top reporting unknown status for Windows node\n1920905 - Remove DNS lookup workaround from cluster-api-provider\n1921106 - A11y Violation: button name(s) on Utilization Card on Cluster Dashboard\n1921184 - kuryr-cni binds to wrong interface on machine with two interfaces\n1921227 - Fix issues related to consuming new extensions in Console static plugins\n1921264 - Bundle unpack jobs can hang indefinitely\n1921267 - ResourceListDropdown not internationalized\n1921321 - SR-IOV obliviously reboot the node\n1921335 - ThanosSidecarUnhealthy\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921720 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel]\n1921763 - operator registry has high memory usage in 4.7... cleanup row closes\n1921778 - Push to stage now failing with semver issues on old releases\n1921780 - Search page not fully internationalized\n1921781 - DefaultList component not internationalized\n1921878 - [kuryr] Egress network policy with namespaceSelector in Kuryr behaves differently than in OVN-Kubernetes\n1921885 - Server-side Dry-run with Validation Downloads Entire OpenAPI spec often\n1921892 - MAO: controller runtime manager closes event recorder\n1921894 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated\n1921937 - During upgrade /etc/hostname becomes a directory, nodes are set with kubernetes.io/hostname=localhost label\n1921953 - ClusterServiceVersion property inference does not infer package and version\n1922063 - \"Virtual Machine\" should be \"Templates\" in template wizard\n1922065 - Rootdisk size is default to 15GiB in customize wizard\n1922235 - [build-watch] e2e-aws-upi - e2e-aws-upi container setup failing because of Python code version mismatch\n1922264 - Restore snapshot as a new PVC: RWO/RWX access modes are not click-able if parent PVC is deleted\n1922280 - [v2v] on the upstream release, In VM import wizard I see RHV but no oVirt\n1922646 - Panic in authentication-operator invoking webhook authorization\n1922648 - FailedCreatePodSandBox due to \"failed to pin namespaces [uts]: [pinns:e]: /var/run/utsns exists and is not a directory: File exists\"\n1922764 - authentication operator is degraded due to number of kube-apiservers\n1922992 - some button text on YAML sidebar are not translated\n1922997 - [Migration]The SDN migration rollback failed. \n1923038 - [OSP] Cloud Info is loaded twice\n1923157 - Ingress traffic performance drop due to NodePort services\n1923786 - RHV UPI fails with unhelpful message when ASSET_DIR is not set. \n1923811 - Registry claims Available=True despite .status.readyReplicas == 0 while .spec.replicas == 2\n1923847 - Error occurs when creating pods if configuring multiple key-only labels in default cluster-wide node selectors or project-wide node selectors\n1923984 - Incorrect anti-affinity for UWM prometheus\n1924020 - panic: runtime error: index out of range [0] with length 0\n1924075 - kuryr-controller restart when enablePortPoolsPrepopulation = true\n1924083 - \"Activity\" Pane of Persistent Storage tab shows events related to Noobaa too\n1924140 - [OSP] Typo in OPENSHFIT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS variable\n1924171 - ovn-kube must handle single-stack to dual-stack migration\n1924358 - metal UPI setup fails, no worker nodes\n1924502 - Failed to start transient scope unit: Argument list too long / systemd[1]: Failed to set up mount unit: Invalid argument\n1924536 - \u0027More about Insights\u0027 link points to support link\n1924585 - \"Edit Annotation\" are not correctly translated in Chinese\n1924586 - Control Plane status and Operators status are not fully internationalized\n1924641 - [User Experience] The message \"Missing storage class\" needs to be displayed after user clicks Next and needs to be rephrased\n1924663 - Insights operator should collect related pod logs when operator is degraded\n1924701 - Cluster destroy fails when using byo with Kuryr\n1924728 - Difficult to identify deployment issue if the destination disk is too small\n1924729 - Create Storageclass for CephFS provisioner assumes incorrect default FSName in external mode (side-effect of fix for Bug 1878086)\n1924747 - InventoryItem doesn\u0027t internationalize resource kind\n1924788 - Not clear error message when there are no NADs available for the user\n1924816 - Misleading error messages in ironic-conductor log\n1924869 - selinux avc deny after installing OCP 4.7\n1924916 - PVC reported as Uploading when it is actually cloning\n1924917 - kuryr-controller in crash loop if IP is removed from secondary interfaces\n1924953 - newly added \u0027excessive etcd leader changes\u0027 test case failing in serial job\n1924968 - Monitoring list page filter options are not translated\n1924983 - some components in utils directory not localized\n1925017 - [UI] VM Details-\u003e Network Interfaces, \u0027Name,\u0027 is displayed instead on \u0027Name\u0027\n1925061 - Prometheus backed by a PVC may start consuming a lot of RAM after 4.6 -\u003e 4.7 upgrade due to series churn\n1925083 - Some texts are not marked for translation on idp creation page. \n1925087 - Add i18n support for the Secret page\n1925148 - Shouldn\u0027t create the redundant imagestream when use `oc new-app --name=testapp2 -i ` with exist imagestream\n1925207 - VM from custom template - cloudinit disk is not added if creating the VM from custom template using customization wizard\n1925216 - openshift installer fails immediately failed to fetch Install Config\n1925236 - OpenShift Route targets every port of a multi-port service\n1925245 - oc idle: Clusters upgrading with an idled workload do not have annotations on the workload\u0027s service\n1925261 - Items marked as mandatory in KMS Provider form are not enforced\n1925291 - Baremetal IPI - While deploying with IPv6 provision network with subnet other than /64 masters fail to PXE boot\n1925343 - [ci] e2e-metal tests are not using reserved instances\n1925493 - Enable snapshot e2e tests\n1925586 - cluster-etcd-operator is leaking transports\n1925614 - Error: InstallPlan.operators.coreos.com not found\n1925698 - On GCP, load balancers report kube-apiserver fails its /readyz check 50% of the time, causing load balancer backend churn and disruptions to apiservers\n1926029 - [RFE] Either disable save or give warning when no disks support snapshot\n1926054 - Localvolume CR is created successfully, when the storageclass name defined in the localvolume exists. \n1926072 - Close button (X) does not work in the new \"Storage cluster exists\" Warning alert message(introduced via fix for Bug 1867400)\n1926082 - Insights operator should not go degraded during upgrade\n1926106 - [ja_JP][zh_CN] Create Project, Delete Project and Delete PVC modal are not fully internationalized\n1926115 - Texts in \u201cInsights\u201d popover on overview page are not marked for i18n\n1926123 - Pseudo bug: revert \"force cert rotation every couple days for development\" in 4.7\n1926126 - some kebab/action menu translation issues\n1926131 - Add HPA page is not fully internationalized\n1926146 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it\n1926154 - Create new pool with arbiter - wrong replica\n1926278 - [oVirt] consume K8S 1.20 packages\n1926279 - Pod ignores mtu setting from sriovNetworkNodePolicies in case of PF partitioning\n1926285 - ignore pod not found status messages\n1926289 - Accessibility: Modal content hidden from screen readers\n1926310 - CannotRetrieveUpdates alerts on Critical severity\n1926329 - [Assisted-4.7][Staging] monitoring stack in staging is being overloaded by the amount of metrics being exposed by assisted-installer pods and scraped by prometheus. \n1926336 - Service details can overflow boxes at some screen widths\n1926346 - move to go 1.15 and registry.ci.openshift.org\n1926364 - Installer timeouts because proxy blocked connection to Ironic API running on bootstrap VM\n1926465 - bootstrap kube-apiserver does not have --advertise-address set \u2013 was: [BM][IPI][DualStack] Installation fails cause Kubernetes service doesn\u0027t have IPv6 endpoints\n1926484 - API server exits non-zero on 2 SIGTERM signals\n1926547 - OpenShift installer not reporting IAM permission issue when removing the Shared Subnet Tag\n1926579 - Setting .spec.policy is deprecated and will be removed eventually. Please use .spec.profile instead is being logged every 3 seconds in scheduler operator log\n1926598 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results\n1926776 - \"Template support\" modal appears when select the RHEL6 common template\n1926835 - [e2e][automation] prow gating use unsupported CDI version\n1926843 - pipeline with finally tasks status is improper\n1926867 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade\n1926893 - When deploying the operator via OLM (after creating the respective catalogsource), the deployment \"lost\" the `resources` section. \n1926903 - NTO may fail to disable stalld when relying on Tuned \u0027[service]\u0027 plugin\n1926931 - Inconsistent ovs-flow rule on one of the app node for egress node\n1926943 - vsphere-problem-detector: Alerts in CI jobs\n1926977 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs\n1927013 - Tables don\u0027t render properly at smaller screen widths\n1927017 - CCO does not relinquish leadership when restarting for proxy CA change\n1927042 - Empty static pod files on UPI deployments are confusing\n1927047 - multiple external gateway pods will not work in ingress with IP fragmentation\n1927068 - Workers fail to PXE boot when IPv6 provisionining network has subnet other than /64\n1927075 - [e2e][automation] Fix pvc string in pvc.view\n1927118 - OCP 4.7: NVIDIA GPU Operator DCGM metrics not displayed in OpenShift Console Monitoring Metrics page\n1927244 - UPI installation with Kuryr timing out on bootstrap stage\n1927263 - kubelet service takes around 43 secs to start container when started from stopped state\n1927264 - FailedCreatePodSandBox due to multus inability to reach apiserver\n1927310 - Performance: Console makes unnecessary requests for en-US messages on load\n1927340 - Race condition in OperatorCondition reconcilation\n1927366 - OVS configuration service unable to clone NetworkManager\u0027s connections in the overlay FS\n1927391 - Fix flake in TestSyncPodsDeletesWhenSourcesAreReady\n1927393 - 4.7 still points to 4.6 catalog images\n1927397 - p\u0026f: add auto update for priority \u0026 fairness bootstrap configuration objects\n1927423 - Happy \"Not Found\" and no visible error messages on error-list page when /silences 504s\n1927465 - Homepage dashboard content not internationalized\n1927678 - Reboot interface defaults to softPowerOff so fencing is too slow\n1927731 - /usr/lib/dracut/modules.d/30ignition/ignition --version sigsev\n1927797 - \u0027Pod(s)\u0027 should be included in the pod donut label when a horizontal pod autoscaler is enabled\n1927882 - Can\u0027t create cluster role binding from UI when a project is selected\n1927895 - global RuntimeConfig is overwritten with merge result\n1927898 - i18n Admin Notifier\n1927902 - i18n Cluster Utilization dashboard duration\n1927903 - \"CannotRetrieveUpdates\" - critical error in openshift web console\n1927925 - Manually misspelled as Manualy\n1927941 - StatusDescriptor detail item and Status component can cause runtime error when the status is an object or array\n1927942 - etcd should use socket option (SO_REUSEADDR) instead of wait for port release on process restart\n1927944 - cluster version operator cycles terminating state waiting for leader election\n1927993 - Documentation Links in OKD Web Console are not Working\n1928008 - Incorrect behavior when we click back button after viewing the node details in Internal-attached mode\n1928045 - N+1 scaling Info message says \"single zone\" even if the nodes are spread across 2 or 0 zones\n1928147 - Domain search set in the required domains in Option 119 of DHCP Server is ignored by RHCOS on RHV\n1928157 - 4.7 CNO claims to be done upgrading before it even starts\n1928164 - Traffic to outside the cluster redirected when OVN is used and NodePort service is configured\n1928297 - HAProxy fails with 500 on some requests\n1928473 - NetworkManager overlay FS not being created on None platform\n1928512 - sap license management logs gatherer\n1928537 - Cannot IPI with tang/tpm disk encryption\n1928640 - Definite error message when using StorageClass based on azure-file / Premium_LRS\n1928658 - Update plugins and Jenkins version to prepare openshift-sync-plugin 1.0.46 release\n1928850 - Unable to pull images due to limited quota on Docker Hub\n1928851 - manually creating NetNamespaces will break things and this is not obvious\n1928867 - golden images - DV should not be created with WaitForFirstConsumer\n1928869 - Remove css required to fix search bug in console caused by pf issue in 2021.1\n1928875 - Update translations\n1928893 - Memory Pressure Drop Down Info is stating \"Disk\" capacity is low instead of memory\n1928931 - DNSRecord CRD is using deprecated v1beta1 API\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1929052 - Add new Jenkins agent maven dir for 3.6\n1929056 - kube-apiserver-availability.rules are failing evaluation\n1929110 - LoadBalancer service check test fails during vsphere upgrade\n1929136 - openshift isn\u0027t able to mount nfs manila shares to pods\n1929175 - LocalVolumeSet: PV is created on disk belonging to other provisioner\n1929243 - Namespace column missing in Nodes Node Details / pods tab\n1929277 - Monitoring workloads using too high a priorityclass\n1929281 - Update Tech Preview badge to transparent border color when upgrading to PatternFly v4.87.1\n1929314 - ovn-kubernetes endpoint slice controller doesn\u0027t run on CI jobs\n1929359 - etcd-quorum-guard uses origin-cli [4.8]\n1929577 - Edit Application action overwrites Deployment envFrom values on save\n1929654 - Registry for Azure uses legacy V1 StorageAccount\n1929693 - Pod stuck at \"ContainerCreating\" status\n1929733 - oVirt CSI driver operator is constantly restarting\n1929769 - Getting 404 after switching user perspective in another tab and reload Project details\n1929803 - Pipelines shown in edit flow for Workloads created via ContainerImage flow\n1929824 - fix alerting on volume name check for vsphere\n1929917 - Bare-metal operator is firing for ClusterOperatorDown for 15m during 4.6 to 4.7 upgrade\n1929944 - The etcdInsufficientMembers alert fires incorrectly when any instance is down and not when quorum is lost\n1930007 - filter dropdown item filter and resource list dropdown item filter doesn\u0027t support multi selection\n1930015 - OS list is overlapped by buttons in template wizard\n1930064 - Web console crashes during VM creation from template when no storage classes are defined\n1930220 - Cinder CSI driver is not able to mount volumes under heavier load\n1930240 - Generated clouds.yaml incomplete when provisioning network is disabled\n1930248 - After creating a remediation flow and rebooting a worker there is no access to the openshift-web-console\n1930268 - intel vfio devices are not expose as resources\n1930356 - Darwin binary missing from mirror.openshift.com\n1930393 - Gather info about unhealthy SAP pods\n1930546 - Monitoring-dashboard-workload keep loading when user with cluster-role cluster-monitoring-view login develoer console\n1930570 - Jenkins templates are displayed in Developer Catalog twice\n1930620 - the logLevel field in containerruntimeconfig can\u0027t be set to \"trace\"\n1930631 - Image local-storage-mustgather in the doc does not come from product registry\n1930893 - Backport upstream patch 98956 for pod terminations\n1931005 - Related objects page doesn\u0027t show the object when its name is empty\n1931103 - remove periodic log within kubelet\n1931115 - Azure cluster install fails with worker type workers Standard_D4_v2\n1931215 - [RFE] Cluster-api-provider-ovirt should handle affinity groups\n1931217 - [RFE] Installer should create RHV Affinity group for OCP cluster VMS\n1931467 - Kubelet consuming a large amount of CPU and memory and node becoming unhealthy\n1931505 - [IPI baremetal] Two nodes hold the VIP post remove and start of the Keepalived container\n1931522 - Fresh UPI install on BM with bonding using OVN Kubernetes fails\n1931529 - SNO: mentioning of 4 nodes in error message - Cluster network CIDR prefix 24 does not contain enough addresses for 4 hosts each one with 25 prefix (128 addresses)\n1931629 - Conversational Hub Fails due to ImagePullBackOff\n1931637 - Kubeturbo Operator fails due to ImagePullBackOff\n1931652 - [single-node] etcd: discover-etcd-initial-cluster graceful termination race. \n1931658 - [single-node] cluster-etcd-operator: cluster never pivots from bootstrapIP endpoint\n1931674 - [Kuryr] Enforce nodes MTU for the Namespaces and Pods\n1931852 - Ignition HTTP GET is failing, because DHCP IPv4 config is failing silently\n1931883 - Fail to install Volume Expander Operator due to CrashLookBackOff\n1931949 - Red Hat Integration Camel-K Operator keeps stuck in Pending state\n1931974 - Operators cannot access kubeapi endpoint on OVNKubernetes on ipv6\n1931997 - network-check-target causes upgrade to fail from 4.6.18 to 4.7\n1932001 - Only one of multiple subscriptions to the same package is honored\n1932097 - Apiserver liveness probe is marking it as unhealthy during normal shutdown\n1932105 - machine-config ClusterOperator claims level while control-plane still updating\n1932133 - AWS EBS CSI Driver doesn\u2019t support \u201ccsi.storage.k8s.io/fsTyps\u201d parameter\n1932135 - When \u201ciopsPerGB\u201d parameter is not set, event for AWS EBS CSI Driver provisioning is not clear\n1932152 - When \u201ciopsPerGB\u201d parameter is set to a wrong number, events for AWS EBS CSI Driver provisioning are not clear\n1932154 - [AWS ] machine stuck in provisioned phase , no warnings or errors\n1932182 - catalog operator causing CPU spikes and bad etcd performance\n1932229 - Can\u2019t find kubelet metrics for aws ebs csi volumes\n1932281 - [Assisted-4.7][UI] Unable to change upgrade channel once upgrades were discovered\n1932323 - CVE-2021-26540 sanitize-html: improper validation of hostnames set by the \"allowedIframeHostnames\" option can lead to bypass hostname whitelist for iframe element\n1932324 - CRIO fails to create a Pod in sandbox stage - starting container process caused: process_linux.go:472: container init caused: Running hook #0:: error running hook: exit status 255, stdout: , stderr: \\\"\\n\"\n1932362 - CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation\n1932401 - Cluster Ingress Operator degrades if external LB redirects http to https because of new \"canary\" route\n1932453 - Update Japanese timestamp format\n1932472 - Edit Form/YAML switchers cause weird collapsing/code-folding issue\n1932487 - [OKD] origin-branding manifest is missing cluster profile annotations\n1932502 - Setting MTU for a bond interface using Kernel arguments is not working\n1932618 - Alerts during a test run should fail the test job, but were not\n1932624 - ClusterMonitoringOperatorReconciliationErrors is pending at the end of an upgrade and probably should not be\n1932626 - During a 4.8 GCP upgrade OLM fires an alert indicating the operator is unhealthy\n1932673 - Virtual machine template provided by red hat should not be editable. The UI allows to edit and then reverse the change after it was made\n1932789 - Proxy with port is unable to be validated if it overlaps with service/cluster network\n1932799 - During a hive driven baremetal installation the process does not go beyond 80% in the bootstrap VM\n1932805 - e2e: test OAuth API connections in the tests by that name\n1932816 - No new local storage operator bundle image is built\n1932834 - enforce the use of hashed access/authorize tokens\n1933101 - Can not upgrade a Helm Chart that uses a library chart in the OpenShift dev console\n1933102 - Canary daemonset uses default node selector\n1933114 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [Suite:openshift/conformance/parallel/minimal]\n1933159 - multus DaemonSets should use maxUnavailable: 33%\n1933173 - openshift-sdn/sdn DaemonSet should use maxUnavailable: 10%\n1933174 - openshift-sdn/ovs DaemonSet should use maxUnavailable: 10%\n1933179 - network-check-target DaemonSet should use maxUnavailable: 10%\n1933180 - openshift-image-registry/node-ca DaemonSet should use maxUnavailable: 10%\n1933184 - openshift-cluster-csi-drivers DaemonSets should use maxUnavailable: 10%\n1933263 - user manifest with nodeport services causes bootstrap to block\n1933269 - Cluster unstable replacing an unhealthy etcd member\n1933284 - Samples in CRD creation are ordered arbitarly\n1933414 - Machines are created with unexpected name for Ports\n1933599 - bump k8s.io/apiserver to 1.20.3\n1933630 - [Local Volume] Provision disk failed when disk label has unsupported value like \":\"\n1933664 - Getting Forbidden for image in a container template when creating a sample app\n1933708 - Grafana is not displaying deployment config resources in dashboard `Default /Kubernetes / Compute Resources / Namespace (Workloads)`\n1933711 - EgressDNS: Keep short lived records at most 30s\n1933730 - [AI-UI-Wizard] Toggling \"Use extra disks for local storage\" checkbox highlights the \"Next\" button to move forward but grays out once clicked\n1933761 - Cluster DNS service caps TTLs too low and thus evicts from its cache too aggressively\n1933772 - MCD Crash Loop Backoff\n1933805 - TargetDown alert fires during upgrades because of normal upgrade behavior\n1933857 - Details page can throw an uncaught exception if kindObj prop is undefined\n1933880 - Kuryr-Controller crashes when it\u0027s missing the status object\n1934021 - High RAM usage on machine api termination node system oom\n1934071 - etcd consuming high amount of memory and CPU after upgrade to 4.6.17\n1934080 - Both old and new Clusterlogging CSVs stuck in Pending during upgrade\n1934085 - Scheduling conformance tests failing in a single node cluster\n1934107 - cluster-authentication-operator builds URL incorrectly for IPv6\n1934112 - Add memory and uptime metadata to IO archive\n1934113 - mcd panic when there\u0027s not enough free disk space\n1934123 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP\n1934163 - Thanos Querier restarting and gettin alert ThanosQueryHttpRequestQueryRangeErrorRateHigh\n1934174 - rootfs too small when enabling NBDE\n1934176 - Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3\n1934177 - knative-camel-operator CreateContainerError \"container_linux.go:366: starting container process caused: chdir to cwd (\\\"/home/nonroot\\\") set in config.json failed: permission denied\"\n1934216 - machineset-controller stuck in CrashLoopBackOff after upgrade to 4.7.0\n1934229 - List page text filter has input lag\n1934397 - Extend OLM operator gatherer to include Operator/ClusterServiceVersion conditions\n1934400 - [ocp_4][4.6][apiserver-auth] OAuth API servers are not ready - PreconditionNotReady\n1934516 - Setup different priority classes for prometheus-k8s and prometheus-user-workload pods\n1934556 - OCP-Metal images\n1934557 - RHCOS boot image bump for LUKS fixes\n1934643 - Need BFD failover capability on ECMP routes\n1934711 - openshift-ovn-kubernetes ovnkube-node DaemonSet should use maxUnavailable: 10%\n1934773 - Canary client should perform canary probes explicitly over HTTPS (rather than redirect from HTTP)\n1934905 - CoreDNS\u0027s \"errors\" plugin is not enabled for custom upstream resolvers\n1935058 - Can\u2019t finish install sts clusters on aws government region\n1935102 - Error: specifying a root certificates file with the insecure flag is not allowed during oc login\n1935155 - IGMP/MLD packets being dropped\n1935157 - [e2e][automation] environment tests broken\n1935165 - OCP 4.6 Build fails when filename contains an umlaut\n1935176 - Missing an indication whether the deployed setup is SNO. \n1935269 - Topology operator group shows child Jobs. Not shown in details view\u0027s resources. \n1935419 - Failed to scale worker using virtualmedia on Dell R640\n1935528 - [AWS][Proxy] ingress reports degrade with CanaryChecksSucceeding=False in the cluster with proxy setting\n1935539 - Openshift-apiserver CO unavailable during cluster upgrade from 4.6 to 4.7\n1935541 - console operator panics in DefaultDeployment with nil cm\n1935582 - prometheus liveness probes cause issues while replaying WAL\n1935604 - high CPU usage fails ingress controller\n1935667 - pipelinerun status icon rendering issue\n1935706 - test: Detect when the master pool is still updating after upgrade\n1935732 - Update Jenkins agent maven directory to be version agnostic [ART ocp build data]\n1935814 - Pod and Node lists eventually have incorrect row heights when additional columns have long text\n1935909 - New CSV using ServiceAccount named \"default\" stuck in Pending during upgrade\n1936022 - DNS operator performs spurious updates in response to API\u0027s defaulting of daemonset\u0027s terminationGracePeriod and service\u0027s clusterIPs\n1936030 - Ingress operator performs spurious updates in response to API\u0027s defaulting of NodePort service\u0027s clusterIPs field\n1936223 - The IPI installer has a typo. It is missing the word \"the\" in \"the Engine\". \n1936336 - Updating multus-cni builder \u0026 base images to be consistent with ART 4.8 (closed)\n1936342 - kuryr-controller restarting after 3 days cluster running - pools without members\n1936443 - Hive based OCP IPI baremetal installation fails to connect to API VIP port 22623\n1936488 - [sig-instrumentation][Late] Alerts shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured: Prometheus query error\n1936515 - sdn-controller is missing some health checks\n1936534 - When creating a worker with a used mac-address stuck on registering\n1936585 - configure alerts if the catalogsources are missing\n1936620 - OLM checkbox descriptor renders switch instead of checkbox\n1936721 - network-metrics-deamon not associated with a priorityClassName\n1936771 - [aws ebs csi driver] The event for Pod consuming a readonly PVC is not clear\n1936785 - Configmap gatherer doesn\u0027t include namespace name (in the archive path) in case of a configmap with binary data\n1936788 - RBD RWX PVC creation with Filesystem volume mode selection is creating RWX PVC with Block volume mode instead of disabling Filesystem volume mode selection\n1936798 - Authentication log gatherer shouldn\u0027t scan all the pod logs in the openshift-authentication namespace\n1936801 - Support ServiceBinding 0.5.0+\n1936854 - Incorrect imagestream is shown as selected in knative service container image edit flow\n1936857 - e2e-ovirt-ipi-install-install is permafailing on 4.5 nightlies\n1936859 - ovirt 4.4 -\u003e 4.5 upgrade jobs are permafailing\n1936867 - Periodic vsphere IPI install is broken - missing pip\n1936871 - [Cinder CSI] Topology aware provisioning doesn\u0027t work when Nova and Cinder AZs are different\n1936904 - Wrong output YAML when syncing groups without --confirm\n1936983 - Topology view - vm details screen isntt stop loading\n1937005 - when kuryr quotas are unlimited, we should not sent alerts\n1937018 - FilterToolbar component does not handle \u0027null\u0027 value for \u0027rowFilters\u0027 prop\n1937020 - Release new from image stream chooses incorrect ID based on status\n1937077 - Blank White page on Topology\n1937102 - Pod Containers Page Not Translated\n1937122 - CAPBM changes to support flexible reboot modes\n1937145 - [Local storage] PV provisioned by localvolumeset stays in \"Released\" status after the pod/pvc deleted\n1937167 - [sig-arch] Managed cluster should have no crashlooping pods in core namespaces over four minutes\n1937244 - [Local Storage] The model name of aws EBS doesn\u0027t be extracted well\n1937299 - pod.spec.volumes.awsElasticBlockStore.partition is not respected on NVMe volumes\n1937452 - cluster-network-operator CI linting fails in master branch\n1937459 - Wrong Subnet retrieved for Service without Selector\n1937460 - [CI] Network quota pre-flight checks are failing the installation\n1937464 - openstack cloud credentials are not getting configured with correct user_domain_name across the cluster\n1937466 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation\n1937496 - Metrics viewer in OCP Console is missing date in a timestamp for selected datapoint\n1937535 - Not all image pulls within OpenShift builds retry\n1937594 - multiple pods in ContainerCreating state after migration from OpenshiftSDN to OVNKubernetes\n1937627 - Bump DEFAULT_DOC_URL for 4.8\n1937628 - Bump upgrade channels for 4.8\n1937658 - Description for storage class encryption during storagecluster creation needs to be updated\n1937666 - Mouseover on headline\n1937683 - Wrong icon classification of output in buildConfig when the destination is a DockerImage\n1937693 - ironic image \"/\" cluttered with files\n1937694 - [oVirt] split ovirt providerIDReconciler logic into NodeController and ProviderIDController\n1937717 - If browser default font size is 20, the layout of template screen breaks\n1937722 - OCP 4.8 vuln due to BZ 1936445\n1937929 - Operand page shows a 404:Not Found error for OpenShift GitOps Operator\n1937941 - [RFE]fix wording for favorite templates\n1937972 - Router HAProxy config file template is slow to render due to repetitive regex compilations\n1938131 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1938321 - Cannot view PackageManifest objects in YAML on \u0027Home \u003e Search\u0027 page nor \u0027CatalogSource details \u003e Operators tab\u0027\n1938465 - thanos-querier should set a CPU request on the thanos-query container\n1938466 - packageserver deployment sets neither CPU or memory request on the packageserver container\n1938467 - The default cluster-autoscaler should get default cpu and memory requests if user omits them\n1938468 - kube-scheduler-operator has a container without a CPU request\n1938492 - Marketplace extract container does not request CPU or memory\n1938493 - machine-api-operator declares restrictive cpu and memory limits where it should not\n1938636 - Can\u0027t set the loglevel of the container: cluster-policy-controller and kube-controller-manager-recovery-controller\n1938903 - Time range on dashboard page will be empty after drog and drop mouse in the graph\n1938920 - ovnkube-master/ovs-node DaemonSets should use maxUnavailable: 10%\n1938947 - Update blocked from 4.6 to 4.7 when using spot/preemptible instances\n1938949 - [VPA] Updater failed to trigger evictions due to \"vpa-admission-controller\" not found\n1939054 - machine healthcheck kills aws spot instance before generated\n1939060 - CNO: nodes and masters are upgrading simultaneously\n1939069 - Add source to vm template silently failed when no storage class is defined in the cluster\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1939168 - Builds failing for OCP 3.11 since PR#25 was merged\n1939226 - kube-apiserver readiness probe appears to be hitting /healthz, not /readyz\n1939227 - kube-apiserver liveness probe appears to be hitting /healthz, not /livez\n1939232 - CI tests using openshift/hello-world broken by Ruby Version Update\n1939270 - fix co upgradeableFalse status and reason\n1939294 - OLM may not delete pods with grace period zero (force delete)\n1939412 - missed labels for thanos-ruler pods\n1939485 - CVE-2021-20291 containers/storage: DoS via malicious image\n1939547 - Include container=\"POD\" in resource queries\n1939555 - VSphereProblemDetectorControllerDegraded: context canceled during upgrade to 4.8.0\n1939573 - after entering valid git repo url on add flow page, throwing warning message instead Validated\n1939580 - Authentication operator is degraded during 4.8 to 4.8 upgrade and normal 4.8 e2e runs\n1939606 - Attempting to put a host into maintenance mode warns about Ceph cluster health, but no storage cluster problems are apparent\n1939661 - support new AWS region ap-northeast-3\n1939726 - clusteroperator/network should not change condition/Degraded during normal serial test execution\n1939731 - Image registry operator reports unavailable during normal serial run\n1939734 - Node Fanout Causes Excessive WATCH Secret Calls, Taking Down Clusters\n1939740 - dual stack nodes with OVN single ipv6 fails on bootstrap phase\n1939752 - ovnkube-master sbdb container does not set requests on cpu or memory\n1939753 - Delete HCO is stucking if there is still VM in the cluster\n1939815 - Change the Warning Alert for Encrypted PVs in Create StorageClass(provisioner:RBD) page\n1939853 - [DOC] Creating manifests API should not allow folder in the \"file_name\"\n1939865 - GCP PD CSI driver does not have CSIDriver instance\n1939869 - [e2e][automation] Add annotations to datavolume for HPP\n1939873 - Unlimited number of characters accepted for base domain name\n1939943 - `cluster-kube-apiserver-operator check-endpoints` observed a panic: runtime error: invalid memory address or nil pointer dereference\n1940030 - cluster-resource-override: fix spelling mistake for run-level match expression in webhook configuration\n1940057 - Openshift builds should use a wach instead of polling when checking for pod status\n1940142 - 4.6-\u003e4.7 updates stick on OpenStackCinderCSIDriverOperatorCR_OpenStackCinderDriverControllerServiceController_Deploying\n1940159 - [OSP] cluster destruction fails to remove router in BYON (with provider network) with Kuryr as primary network\n1940206 - Selector and VolumeTableRows not i18ned\n1940207 - 4.7-\u003e4.6 rollbacks stuck on prometheusrules admission webhook \"no route to host\"\n1940314 - Failed to get type for Dashboard Kubernetes / Compute Resources / Namespace (Workloads)\n1940318 - No data under \u0027Current Bandwidth\u0027 for Dashboard \u0027Kubernetes / Networking / Pod\u0027\n1940322 - Split of dashbard is wrong, many Network parts\n1940337 - rhos-ipi installer fails with not clear message when openstack tenant doesn\u0027t have flavors needed for compute machines\n1940361 - [e2e][automation] Fix vm action tests with storageclass HPP\n1940432 - Gather datahubs.installers.datahub.sap.com resources from SAP clusters\n1940488 - After fix for CVE-2021-3344, Builds do not mount node entitlement keys\n1940498 - pods may fail to add logical port due to lr-nat-del/lr-nat-add error messages\n1940499 - hybrid-overlay not logging properly before exiting due to an error\n1940518 - Components in bare metal components lack resource requests\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1940704 - prjquota is dropped from rootflags if rootfs is reprovisioned\n1940755 - [Web-console][Local Storage] LocalVolumeSet could not be created from web-console without detail error info\n1940865 - Add BareMetalPlatformType into e2e upgrade service unsupported list\n1940876 - Components in ovirt components lack resource requests\n1940889 - Installation failures in OpenStack release jobs\n1940933 - [sig-arch] Check if alerts are firing during or after upgrade success: AggregatedAPIDown on v1beta1.metrics.k8s.io\n1940939 - Wrong Openshift node IP as kubelet setting VIP as node IP\n1940940 - csi-snapshot-controller goes unavailable when machines are added removed to cluster\n1940950 - vsphere: client/bootstrap CSR double create\n1940972 - vsphere: [4.6] CSR approval delayed for unknown reason\n1941000 - cinder storageclass creates persistent volumes with wrong label failure-domain.beta.kubernetes.io/zone in multi availability zones architecture on OSP 16. \n1941334 - [RFE] Cluster-api-provider-ovirt should handle auto pinning policy\n1941342 - Add `kata-osbuilder-generate.service` as part of the default presets\n1941456 - Multiple pods stuck in ContainerCreating status with the message \"failed to create container for [kubepods burstable podxxx] : dbus: connection closed by user\" being seen in the journal log\n1941526 - controller-manager-operator: Observed a panic: nil pointer dereference\n1941592 - HAProxyDown not Firing\n1941606 - [assisted operator] Assisted Installer Operator CSV related images should be digests for icsp\n1941625 - Developer -\u003e Topology - i18n misses\n1941635 - Developer -\u003e Monitoring - i18n misses\n1941636 - BM worker nodes deployment with virtual media failed while trying to clean raid\n1941645 - Developer -\u003e Builds - i18n misses\n1941655 - Developer -\u003e Pipelines - i18n misses\n1941667 - Developer -\u003e Project - i18n misses\n1941669 - Developer -\u003e ConfigMaps - i18n misses\n1941759 - Errored pre-flight checks should not prevent install\n1941798 - Some details pages don\u0027t have internationalized ResourceKind labels\n1941801 - Many filter toolbar dropdowns haven\u0027t been internationalized\n1941815 - From the web console the terminal can no longer connect after using leaving and returning to the terminal view\n1941859 - [assisted operator] assisted pod deploy first time in error state\n1941901 - Toleration merge logic does not account for multiple entries with the same key\n1941915 - No validation against template name in boot source customization\n1941936 - when setting parameters in containerRuntimeConfig, it will show incorrect information on its description\n1941980 - cluster-kube-descheduler operator is broken when upgraded from 4.7 to 4.8\n1941990 - Pipeline metrics endpoint changed in osp-1.4\n1941995 - fix backwards incompatible trigger api changes in osp1.4\n1942086 - Administrator -\u003e Home - i18n misses\n1942117 - Administrator -\u003e Workloads - i18n misses\n1942125 - Administrator -\u003e Serverless - i18n misses\n1942193 - Operand creation form - broken/cutoff blue line on the Accordion component (fieldGroup)\n1942207 - [vsphere] hostname are changed when upgrading from 4.6 to 4.7.x causing upgrades to fail\n1942271 - Insights operator doesn\u0027t gather pod information from openshift-cluster-version\n1942375 - CRI-O failing with error \"reserving ctr name\"\n1942395 - The status is always \"Updating\" on dc detail page after deployment has failed. \n1942521 - [Assisted-4.7] [Staging][OCS] Minimum memory for selected role is failing although minimum OCP requirement satisfied\n1942522 - Resolution fails to sort channel if inner entry does not satisfy predicate\n1942536 - Corrupted image preventing containers from starting\n1942548 - Administrator -\u003e Networking - i18n misses\n1942553 - CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic\n1942555 - Network policies in ovn-kubernetes don\u0027t support external traffic from router when the endpoint publishing strategy is HostNetwork\n1942557 - Query is reporting \"no datapoint\" when label cluster=\"\" is set but work when the label is removed or when running directly in Prometheus\n1942608 - crictl cannot list the images with an error: error locating item named \"manifest\" for image with ID\n1942614 - Administrator -\u003e Storage - i18n misses\n1942641 - Administrator -\u003e Builds - i18n misses\n1942673 - Administrator -\u003e Pipelines - i18n misses\n1942694 - Resource names with a colon do not display property in the browser window title\n1942715 - Administrator -\u003e User Management - i18n misses\n1942716 - Quay Container Security operator has Medium \u003c-\u003e Low colors reversed\n1942725 - [SCC] openshift-apiserver degraded when creating new pod after installing Stackrox which creates a less privileged SCC [4.8]\n1942736 - Administrator -\u003e Administration - i18n misses\n1942749 - Install Operator form should use info icon for popovers\n1942837 - [OCPv4.6] unable to deploy pod with unsafe sysctls\n1942839 - Windows VMs fail to start on air-gapped environments\n1942856 - Unable to assign nodes for EgressIP even if the egress-assignable label is set\n1942858 - [RFE]Confusing detach volume UX\n1942883 - AWS EBS CSI driver does not support partitions\n1942894 - IPA error when provisioning masters due to an error from ironic.conductor - /dev/sda is busy\n1942935 - must-gather improvements\n1943145 - vsphere: client/bootstrap CSR double create\n1943175 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies (set azure storage account TLS version default to 1.2)\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1943219 - unable to install IPI PRIVATE OpenShift cluster in Azure - SSH access from the Internet should be blocked\n1943224 - cannot upgrade openshift-kube-descheduler from 4.7.2 to latest\n1943238 - The conditions table does not occupy 100% of the width. \n1943258 - [Assisted-4.7][Staging][Advanced Networking] Cluster install fails while waiting for control plane\n1943314 - [OVN SCALE] Combine Logical Flows inside Southbound DB. \n1943315 - avoid workload disruption for ICSP changes\n1943320 - Baremetal node loses connectivity with bonded interface and OVNKubernetes\n1943329 - TLSSecurityProfile missing from KubeletConfig CRD Manifest\n1943356 - Dynamic plugins surfaced in the UI should be referred to as \"Console plugins\"\n1943539 - crio-wipe is failing to start \"Failed to shutdown storage before wiping: A layer is mounted: layer is in use by a container\"\n1943543 - DeploymentConfig Rollback doesn\u0027t reset params correctly\n1943558 - [assisted operator] Assisted Service pod unable to reach self signed local registry in disco environement\n1943578 - CoreDNS caches NXDOMAIN responses for up to 900 seconds\n1943614 - add bracket logging on openshift/builder calls into buildah to assist test-platform team triage\n1943637 - upgrade from ocp 4.5 to 4.6 does not clear SNAT rules on ovn\n1943649 - don\u0027t use hello-openshift for network-check-target\n1943667 - KubeDaemonSetRolloutStuck fires during upgrades too often because it does not accurately detect progress\n1943719 - storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions\n1943804 - API server on AWS takes disruption between 70s and 110s after pod begins termination via external LB\n1943845 - Router pods should have startup probes configured\n1944121 - OVN-kubernetes references AddressSets after deleting them, causing ovn-controller errors\n1944160 - CNO: nbctl daemon should log reconnection info\n1944180 - OVN-Kube Master does not release election lock on shutdown\n1944246 - Ironic fails to inspect and move node to \"manageable\u0027 but get bmh remains in \"inspecting\"\n1944268 - openshift-install AWS SDK is missing endpoints for the ap-northeast-3 region\n1944509 - Translatable texts without context in ssh expose component\n1944581 - oc project not works with cluster proxy\n1944587 - VPA could not take actions based on the recommendation when min-replicas=1\n1944590 - The field name \"VolumeSnapshotContent\" is wrong on VolumeSnapshotContent detail page\n1944602 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1944631 - openshif authenticator should not accept non-hashed tokens\n1944655 - [manila-csi-driver-operator] openstack-manila-csi-nodeplugin pods stucked with \".. still connecting to unix:///var/lib/kubelet/plugins/csi-nfsplugin/csi.sock\"\n1944660 - dm-multipath race condition on bare metal causing /boot partition mount failures\n1944674 - Project field become to \"All projects\" and disabled in \"Review and create virtual machine\" step in devconsole\n1944678 - Whereabouts IPAM CNI duplicate IP addresses assigned to pods\n1944761 - field level help instances do not use common util component \u003cFieldLevelHelp\u003e\n1944762 - Drain on worker node during an upgrade fails due to PDB set for image registry pod when only a single replica is present\n1944763 - field level help instances do not use common util component \u003cFieldLevelHelp\u003e\n1944853 - Update to nodejs \u003e=14.15.4 for ARM\n1944974 - Duplicate KubeControllerManagerDown/KubeSchedulerDown alerts\n1944986 - Clarify the ContainerRuntimeConfiguration cr description on the validation\n1945027 - Button \u0027Copy SSH Command\u0027 does not work\n1945085 - Bring back API data in etcd test\n1945091 - In k8s 1.21 bump Feature:IPv6DualStack tests are disabled\n1945103 - \u0027User credentials\u0027 shows even the VM is not running\n1945104 - In k8s 1.21 bump \u0027[sig-storage] [cis-hostpath] [Testpattern: Generic Ephemeral-volume\u0027 tests are disabled\n1945146 - Remove pipeline Tech preview badge for pipelines GA operator\n1945236 - Bootstrap ignition shim doesn\u0027t follow proxy settings\n1945261 - Operator dependency not consistently chosen from default channel\n1945312 - project deletion does not reset UI project context\n1945326 - console-operator: does not check route health periodically\n1945387 - Image Registry deployment should have 2 replicas and hard anti-affinity rules\n1945398 - 4.8 CI failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n1945431 - alerts: SystemMemoryExceedsReservation triggers too quickly\n1945443 - operator-lifecycle-manager-packageserver flaps Available=False with no reason or message\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1945548 - catalog resource update failed if spec.secrets set to \"\"\n1945584 - Elasticsearch operator fails to install on 4.8 cluster on ppc64le/s390x\n1945599 - Optionally set KERNEL_VERSION and RT_KERNEL_VERSION\n1945630 - Pod log filename no longer in \u003cpod-name\u003e-\u003ccontainer-name\u003e.log format\n1945637 - QE- Automation- Fixing smoke test suite for pipeline-plugin\n1945646 - gcp-routes.sh running as initrc_t unnecessarily\n1945659 - [oVirt] remove ovirt_cafile from ovirt-credentials secret\n1945677 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry\n1945687 - Dockerfile needs updating to new container CI registry\n1945700 - Syncing boot mode after changing device should be restricted to Supermicro\n1945816 - \" Ingresses \" should be kept in English for Chinese\n1945818 - Chinese translation issues: Operator should be the same with English `Operators`\n1945849 - Unnecessary series churn when a new version of kube-state-metrics is rolled out\n1945910 - [aws] support byo iam roles for instances\n1945948 - SNO: pods can\u0027t reach ingress when the ingress uses a different IPv6. \n1946079 - Virtual master is not getting an IP address\n1946097 - [oVirt] oVirt credentials secret contains unnecessary \"ovirt_cafile\"\n1946119 - panic parsing install-config\n1946243 - No relevant error when pg limit is reached in block pools page\n1946307 - [CI] [UPI] use a standardized and reliable way to install google cloud SDK in UPI image\n1946320 - Incorrect error message in Deployment Attach Storage Page\n1946449 - [e2e][automation] Fix cloud-init tests as UI changed\n1946458 - Edit Application action overwrites Deployment envFrom values on save\n1946459 - In bare metal IPv6 environment, [sig-storage] [Driver: nfs] tests are failing in CI. \n1946479 - In k8s 1.21 bump BoundServiceAccountTokenVolume is disabled by default\n1946497 - local-storage-diskmaker pod logs \"DeviceSymlinkExists\" and \"not symlinking, could not get lock: \u003cnil\u003e\"\n1946506 - [on-prem] mDNS plugin no longer needed\n1946513 - honor use specified system reserved with auto node sizing\n1946540 - auth operator: only configure webhook authenticators for internal auth when oauth-apiserver pods are ready\n1946584 - Machine-config controller fails to generate MC, when machine config pool with dashes in name presents under the cluster\n1946607 - etcd readinessProbe is not reflective of actual readiness\n1946705 - Fix issues with \"search\" capability in the Topology Quick Add component\n1946751 - DAY2 Confusing event when trying to add hosts to a cluster that completed installation\n1946788 - Serial tests are broken because of router\n1946790 - Marketplace operator flakes Available=False OperatorStarting during updates\n1946838 - Copied CSVs show up as adopted components\n1946839 - [Azure] While mirroring images to private registry throwing error: invalid character \u0027\u003c\u0027 looking for beginning of value\n1946865 - no \"namespace:kube_pod_container_resource_requests_cpu_cores:sum\" and \"namespace:kube_pod_container_resource_requests_memory_bytes:sum\" metrics\n1946893 - the error messages are inconsistent in DNS status conditions if the default service IP is taken\n1946922 - Ingress details page doesn\u0027t show referenced secret name and link\n1946929 - the default dns operator\u0027s Progressing status is always True and cluster operator dns Progressing status is False\n1947036 - \"failed to create Matchbox client or connect\" on e2e-metal jobs or metal clusters via cluster-bot\n1947066 - machine-config-operator pod crashes when noProxy is *\n1947067 - [Installer] Pick up upstream fix for installer console output\n1947078 - Incorrect skipped status for conditional tasks in the pipeline run\n1947080 - SNO IPv6 with \u0027temporary 60-day domain\u0027 option fails with IPv4 exception\n1947154 - [master] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install\n1947164 - Print \"Successfully pushed\" even if the build push fails. \n1947176 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed. \n1947293 - IPv6 provision addresses range larger then /64 prefix (e.g. /48)\n1947311 - When adding a new node to localvolumediscovery UI does not show pre-existing node name\u0027s\n1947360 - [vSphere csi driver operator] operator pod runs as \u201cBestEffort\u201d qosClass\n1947371 - [vSphere csi driver operator] operator doesn\u0027t create \u201ccsidriver\u201d instance\n1947402 - Single Node cluster upgrade: AWS EBS CSI driver deployment is stuck on rollout\n1947478 - discovery v1 beta1 EndpointSlice is deprecated in Kubernetes 1.21 (OCP 4.8)\n1947490 - If Clevis on a managed LUKs volume with Ignition enables, the system will fails to automatically open the LUKs volume on system boot\n1947498 - policy v1 beta1 PodDisruptionBudget is deprecated in Kubernetes 1.21 (OCP 4.8)\n1947663 - disk details are not synced in web-console\n1947665 - Internationalization values for ceph-storage-plugin should be in file named after plugin\n1947684 - MCO on SNO sometimes has rendered configs and sometimes does not\n1947712 - [OVN] Many faults and Polling interval stuck for 4 seconds every roughly 5 minutes intervals. \n1947719 - 8 APIRemovedInNextReleaseInUse info alerts display\n1947746 - Show wrong kubernetes version from kube-scheduler/kube-controller-manager operator pods\n1947756 - [azure-disk-csi-driver-operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade\n1947767 - [azure-disk-csi-driver-operator] Uses the same storage type in the sc created by it as the default sc?\n1947771 - [kube-descheduler]descheduler operator pod should not run as \u201cBestEffort\u201d qosClass\n1947774 - CSI driver operators use \"Always\" imagePullPolicy in some containers\n1947775 - [vSphere csi driver operator] doesn\u2019t use the downstream images from payload. \n1947776 - [vSphere csi driver operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade\n1947779 - [LSO] Should allow more nodes to be updated simultaneously for speeding up LSO upgrade\n1947785 - Cloud Compute: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1947789 - Console: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1947791 - MCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1947793 - DevEx: APIRemovedInNextReleaseInUse info alerts display\n1947794 - OLM: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert\n1947795 - Networking: APIRemovedInNextReleaseInUse info alerts display\n1947797 - CVO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1947798 - Images: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1947800 - Ingress: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1947801 - Kube Storage Version Migrator APIRemovedInNextReleaseInUse info alerts display\n1947803 - Openshift Apiserver: APIRemovedInNextReleaseInUse info alerts display\n1947806 - Re-enable h2spec, http/2 and grpc-interop e2e tests in openshift/origin\n1947828 - `download it` link should save pod log in \u003cpod-name\u003e-\u003ccontainer-name\u003e.log format\n1947866 - disk.csi.azure.com.spec.operatorLogLevel is not updated when CSO loglevel is changed\n1947917 - Egress Firewall does not reliably apply firewall rules\n1947946 - Operator upgrades can delete existing CSV before completion\n1948011 - openshift-controller-manager constantly reporting type \"Upgradeable\" status Unknown\n1948012 - service-ca constantly reporting type \"Upgradeable\" status Unknown\n1948019 - [4.8] Large number of requests to the infrastructure cinder volume service\n1948022 - Some on-prem namespaces missing from must-gather\n1948040 - cluster-etcd-operator: etcd is using deprecated logger\n1948082 - Monitoring should not set Available=False with no reason on updates\n1948137 - CNI DEL not called on node reboot - OCP 4 CRI-O. \n1948232 - DNS operator performs spurious updates in response to API\u0027s defaulting of daemonset\u0027s maxSurge and service\u0027s ipFamilies and ipFamilyPolicy fields\n1948311 - Some jobs failing due to excessive watches: the server has received too many requests and has asked us to try again later\n1948359 - [aws] shared tag was not removed from user provided IAM role\n1948410 - [LSO] Local Storage Operator uses imagePullPolicy as \"Always\"\n1948415 - [vSphere csi driver operator] clustercsidriver.spec.logLevel doesn\u0027t take effective after changing\n1948427 - No action is triggered after click \u0027Continue\u0027 button on \u0027Show community Operator\u0027 windows\n1948431 - TechPreviewNoUpgrade does not enable CSI migration\n1948436 - The outbound traffic was broken intermittently after shutdown one egressIP node\n1948443 - OCP 4.8 nightly still showing v1.20 even after 1.21 merge\n1948471 - [sig-auth][Feature:OpenShiftAuthorization][Serial] authorization TestAuthorizationResourceAccessReview should succeed [Suite:openshift/conformance/serial]\n1948505 - [vSphere csi driver operator] vmware-vsphere-csi-driver-operator pod restart every 10 minutes\n1948513 - get-resources.sh doesn\u0027t honor the no_proxy settings\n1948524 - \u0027DeploymentUpdated\u0027 Updated Deployment.apps/downloads -n openshift-console because it changed message is printed every minute\n1948546 - VM of worker is in error state when a network has port_security_enabled=False\n1948553 - When setting etcd spec.LogLevel is not propagated to etcd operand\n1948555 - A lot of events \"rpc error: code = DeadlineExceeded desc = context deadline exceeded\" were seen in azure disk csi driver verification test\n1948563 - End-to-End Secure boot deployment fails \"Invalid value for input variable\"\n1948582 - Need ability to specify local gateway mode in CNO config\n1948585 - Need a CI jobs to test local gateway mode with bare metal\n1948592 - [Cluster Network Operator] Missing Egress Router Controller\n1948606 - DNS e2e test fails \"[sig-arch] Only known images used by tests\" because it does not use a known image\n1948610 - External Storage [Driver: disk.csi.azure.com] [Testpattern: Dynamic PV (block volmode)] multiVolume [Slow] should access to two volumes with the same volume mode and retain data across pod recreation on the same node [LinuxOnly]\n1948626 - TestRouteAdmissionPolicy e2e test is failing often\n1948628 - ccoctl needs to plan for future (non-AWS) platform support in the CLI\n1948634 - upgrades: allow upgrades without version change\n1948640 - [Descheduler] operator log reports key failed with : kubedeschedulers.operator.openshift.io \"cluster\" not found\n1948701 - unneeded CCO alert already covered by CVO\n1948703 - p\u0026f: probes should not get 429s\n1948705 - [assisted operator] SNO deployment fails - ClusterDeployment shows `bootstrap.ign was not found`\n1948706 - Cluster Autoscaler Operator manifests missing annotation for ibm-cloud-managed profile\n1948708 - cluster-dns-operator includes a deployment with node selector of masters for the IBM cloud managed profile\n1948711 - thanos querier and prometheus-adapter should have 2 replicas\n1948714 - cluster-image-registry-operator targets master nodes in ibm-cloud-managed-profile\n1948716 - cluster-ingress-operator deployment targets master nodes for ibm-cloud-managed profile\n1948718 - cluster-network-operator deployment manifest for ibm-cloud-managed profile contains master node selector\n1948719 - Machine API components should use 1.21 dependencies\n1948721 - cluster-storage-operator deployment targets master nodes for ibm-cloud-managed profile\n1948725 - operator lifecycle manager does not include profile annotations for ibm-cloud-managed\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1948771 - ~50% of GCP upgrade jobs in 4.8 failing with \"AggregatedAPIDown\" alert on packages.coreos.com\n1948782 - Stale references to the single-node-production-edge cluster profile\n1948787 - secret.StringData shouldn\u0027t be used for reads\n1948788 - Clicking an empty metrics graph (when there is no data) should still open metrics viewer\n1948789 - Clicking on a metrics graph should show request and limits queries as well on the resulting metrics page\n1948919 - Need minor update in message on channel modal\n1948923 - [aws] installer forces the platform.aws.amiID option to be set, while installing a cluster into GovCloud or C2S region\n1948926 - Memory Usage of Dashboard \u0027Kubernetes / Compute Resources / Pod\u0027 contain wrong CPU query\n1948936 - [e2e][automation][prow] Prow script point to deleted resource\n1948943 - (release-4.8) Limit the number of collected pods in the workloads gatherer\n1948953 - Uninitialized cloud provider error when provisioning a cinder volume\n1948963 - [RFE] Cluster-api-provider-ovirt should handle hugepages\n1948966 - Add the ability to run a gather done by IO via a Kubernetes Job\n1948981 - Align dependencies and libraries with latest ironic code\n1948998 - style fixes by GoLand and golangci-lint\n1948999 - Can not assign multiple EgressIPs to a namespace by using automatic way. \n1949019 - PersistentVolumes page cannot sync project status automatically which will block user to create PV\n1949022 - Openshift 4 has a zombie problem\n1949039 - Wrong env name to get podnetinfo for hugepage in app-netutil\n1949041 - vsphere: wrong image names in bundle\n1949042 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the http2 tests (on OpenStack)\n1949050 - Bump k8s to latest 1.21\n1949061 - [assisted operator][nmstate] Continuous attempts to reconcile InstallEnv in the case of invalid NMStateConfig\n1949063 - [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service\n1949075 - Extend openshift/api for Add card customization\n1949093 - PatternFly v4.96.2 regression results in a.pf-c-button hover issues\n1949096 - Restore private git clone tests\n1949099 - network-check-target code cleanup\n1949105 - NetworkPolicy ... should enforce ingress policy allowing any port traffic to a server on a specific protocol\n1949145 - Move openshift-user-critical priority class to CCO\n1949155 - Console doesn\u0027t correctly check for favorited or last namespace on load if project picker used\n1949180 - Pipelines plugin model kinds aren\u0027t picked up by parser\n1949202 - sriov-network-operator not available from operatorhub on ppc64le\n1949218 - ccoctl not included in container image\n1949237 - Bump OVN: Lots of conjunction warnings in ovn-controller container logs\n1949277 - operator-marketplace: deployment manifests for ibm-cloud-managed profile have master node selectors\n1949294 - [assisted operator] OPENSHIFT_VERSIONS in assisted operator subscription does not propagate\n1949306 - need a way to see top API accessors\n1949313 - Rename vmware-vsphere-* images to vsphere-* images before 4.8 ships\n1949316 - BaremetalHost resource automatedCleaningMode ignored due to outdated vendoring\n1949347 - apiserver-watcher support for dual-stack\n1949357 - manila-csi-controller pod not running due to secret lack(in another ns)\n1949361 - CoreDNS resolution failure for external hostnames with \"A: dns: overflow unpacking uint16\"\n1949364 - Mention scheduling profiles in scheduler operator repository\n1949370 - Testability of: Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error\n1949384 - Edit Default Pull Secret modal - i18n misses\n1949387 - Fix the typo in auto node sizing script\n1949404 - label selector on pvc creation page - i18n misses\n1949410 - The referred role doesn\u0027t exist if create rolebinding from rolebinding tab of role page\n1949411 - VolumeSnapshot, VolumeSnapshotClass and VolumeSnapshotConent Details tab is not translated - i18n misses\n1949413 - Automatic boot order setting is done incorrectly when using by-path style device names\n1949418 - Controller factory workers should always restart on panic()\n1949419 - oauth-apiserver logs \"[SHOULD NOT HAPPEN] failed to update managedFields for authentication.k8s.io/v1, Kind=TokenReview: failed to convert new object (authentication.k8s.io/v1, Kind=TokenReview)\"\n1949420 - [azure csi driver operator] pvc.status.capacity and pv.spec.capacity are processed not the same as in-tree plugin\n1949435 - ingressclass controller doesn\u0027t recreate the openshift-default ingressclass after deleting it\n1949480 - Listeners timeout are constantly being updated\n1949481 - cluster-samples-operator restarts approximately two times per day and logs too many same messages\n1949509 - Kuryr should manage API LB instead of CNO\n1949514 - URL is not visible for routes at narrow screen widths\n1949554 - Metrics of vSphere CSI driver sidecars are not collected\n1949582 - OCP v4.7 installation with OVN-Kubernetes fails with error \"egress bandwidth restriction -1 is not equals\"\n1949589 - APIRemovedInNextEUSReleaseInUse Alert Missing\n1949591 - Alert does not catch removed api usage during end-to-end tests. \n1949593 - rename DeprecatedAPIInUse alert to APIRemovedInNextReleaseInUse\n1949612 - Install with 1.21 Kubelet is spamming logs with failed to get stats failed command \u0027du\u0027\n1949626 - machine-api fails to create AWS client in new regions\n1949661 - Kubelet Workloads Management changes for OCPNODE-529\n1949664 - Spurious keepalived liveness probe failures\n1949671 - System services such as openvswitch are stopped before pod containers on system shutdown or reboot\n1949677 - multus is the first pod on a new node and the last to go ready\n1949711 - cvo unable to reconcile deletion of openshift-monitoring namespace\n1949721 - Pick 99237: Use the audit ID of a request for better correlation\n1949741 - Bump golang version of cluster-machine-approver\n1949799 - ingresscontroller should deny the setting when spec.tuningOptions.threadCount exceed 64\n1949810 - OKD 4.7 unable to access Project Topology View\n1949818 - Add e2e test to perform MCO operation Single Node OpenShift\n1949820 - Unable to use `oc adm top is` shortcut when asking for `imagestreams`\n1949862 - The ccoctl tool hits the panic sometime when running the delete subcommand\n1949866 - The ccoctl fails to create authentication file when running the command `ccoctl aws create-identity-provider` with `--output-dir` parameter\n1949880 - adding providerParameters.gcp.clientAccess to existing ingresscontroller doesn\u0027t work\n1949882 - service-idler build error\n1949898 - Backport RP#848 to OCP 4.8\n1949907 - Gather summary of PodNetworkConnectivityChecks\n1949923 - some defined rootVolumes zones not used on installation\n1949928 - Samples Operator updates break CI tests\n1949935 - Fix incorrect access review check on start pipeline kebab action\n1949956 - kaso: add minreadyseconds to ensure we don\u0027t have an LB outage on kas\n1949967 - Update Kube dependencies in MCO to 1.21\n1949972 - Descheduler metrics: populate build info data and make the metrics entries more readeable\n1949978 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the h2spec conformance tests [Suite:openshift/conformance/parallel/minimal]\n1949990 - (release-4.8) Extend the OLM operator gatherer to include CSV display name\n1949991 - openshift-marketplace pods are crashlooping\n1950007 - [CI] [UPI] easy_install is not reliable enough to be used in an image\n1950026 - [Descheduler] Need better way to handle evicted pod count for removeDuplicate pod strategy\n1950047 - CSV deployment template custom annotations are not propagated to deployments\n1950112 - SNO: machine-config pool is degraded: error running chcon -R -t var_run_t /run/mco-machine-os-content/os-content-321709791\n1950113 - in-cluster operators need an API for additional AWS tags\n1950133 - MCO creates empty conditions on the kubeletconfig object\n1950159 - Downstream ovn-kubernetes repo should have no linter errors\n1950175 - Update Jenkins and agent base image to Go 1.16\n1950196 - ssh Key is added even with \u0027Expose SSH access to this virtual machine\u0027 unchecked\n1950210 - VPA CRDs use deprecated API version\n1950219 - KnativeServing is not shown in list on global config page\n1950232 - [Descheduler] - The minKubeVersion should be 1.21\n1950236 - Update OKD imagestreams to prefer centos7 images\n1950270 - should use \"kubernetes.io/os\" in the dns/ingresscontroller node selector description when executing oc explain command\n1950284 - Tracking bug for NE-563 - support user-defined tags on AWS load balancers\n1950341 - NetworkPolicy: allow-from-router policy does not allow access to service when the endpoint publishing strategy is HostNetwork on OpenshiftSDN network\n1950379 - oauth-server is in pending/crashbackoff at beginning 50% of CI runs\n1950384 - [sig-builds][Feature:Builds][sig-devex][Feature:Jenkins][Slow] openshift pipeline build perm failing\n1950409 - Descheduler operator code and docs still reference v1beta1\n1950417 - The Marketplace Operator is building with EOL k8s versions\n1950430 - CVO serves metrics over HTTP, despite a lack of consumers\n1950460 - RFE: Change Request Size Input to Number Spinner Input\n1950471 - e2e-metal-ipi-ovn-dualstack is failing with etcd unable to bootstrap\n1950532 - Include \"update\" when referring to operator approval and channel\n1950543 - Document non-HA behaviors in the MCO (SingleNodeOpenshift)\n1950590 - CNO: Too many OVN netFlows collectors causes ovnkube pods CrashLoopBackOff\n1950653 - BuildConfig ignores Args\n1950761 - Monitoring operator deployments anti-affinity rules prevent their rollout on single-node\n1950908 - kube_pod_labels metric does not contain k8s labels\n1950912 - [e2e][automation] add devconsole tests\n1950916 - [RFE]console page show error when vm is poused\n1950934 - Unnecessary rollouts can happen due to unsorted endpoints\n1950935 - Updating cluster-network-operator builder \u0026 base images to be consistent with ART\n1950978 - the ingressclass cannot be removed even after deleting the related custom ingresscontroller\n1951007 - ovn master pod crashed\n1951029 - Drainer panics on missing context for node patch\n1951034 - (release-4.8) Split up the GatherClusterOperators into smaller parts\n1951042 - Panics every few minutes in kubelet logs post-rebase\n1951043 - Start Pipeline Modal Parameters should accept empty string defaults\n1951058 - [gcp-pd-csi-driver-operator] topology and multipods capabilities are not enabled in e2e tests\n1951066 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud\n1951084 - avoid benign \"Path \\\"/run/secrets/etc-pki-entitlement\\\" from \\\"/etc/containers/mounts.conf\\\" doesn\u0027t exist, skipping\" messages\n1951158 - Egress Router CRD missing Addresses entry\n1951169 - Improve API Explorer discoverability from the Console\n1951174 - re-pin libvirt to 6.0.0\n1951203 - oc adm catalog mirror can generate ICSPs that exceed etcd\u0027s size limit\n1951209 - RerunOnFailure runStrategy shows wrong VM status (Starting) on Succeeded VMI\n1951212 - User/Group details shows unrelated subjects in role bindings tab\n1951214 - VM list page crashes when the volume type is sysprep\n1951339 - Cluster-version operator does not manage operand container environments when manifest lacks opinions\n1951387 - opm index add doesn\u0027t respect deprecated bundles\n1951412 - Configmap gatherer can fail incorrectly\n1951456 - Docs and linting fixes\n1951486 - Replace \"kubevirt_vmi_network_traffic_bytes_total\" with new metrics names\n1951505 - Remove deprecated techPreviewUserWorkload field from CMO\u0027s configmap\n1951558 - Backport Upstream 101093 for Startup Probe Fix\n1951585 - enterprise-pod fails to build\n1951636 - assisted service operator use default serviceaccount in operator bundle\n1951637 - don\u0027t rollout a new kube-apiserver revision on oauth accessTokenInactivityTimeout changes\n1951639 - Bootstrap API server unclean shutdown causes reconcile delay\n1951646 - Unexpected memory climb while container not in use\n1951652 - Add retries to opm index add\n1951670 - Error gathering bootstrap log after pivot: The bootstrap machine did not execute the release-image.service systemd unit\n1951671 - Excessive writes to ironic Nodes\n1951705 - kube-apiserver needs alerts on CPU utlization\n1951713 - [OCP-OSP] After changing image in machine object it enters in Failed - Can\u0027t find created instance\n1951853 - dnses.operator.openshift.io resource\u0027s spec.nodePlacement.tolerations godoc incorrectly describes default behavior\n1951858 - unexpected text \u00270\u0027 on filter toolbar on RoleBinding tab\n1951860 - [4.8] add Intel XXV710 NIC model (1572) support in SR-IOV Operator\n1951870 - sriov network resources injector: user defined injection removed existing pod annotations\n1951891 - [migration] cannot change ClusterNetwork CIDR during migration\n1951952 - [AWS CSI Migration] Metrics for cloudprovider error requests are lost\n1952001 - Delegated authentication: reduce the number of watch requests\n1952032 - malformatted assets in CMO\n1952045 - Mirror nfs-server image used in jenkins-e2e\n1952049 - Helm: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1952079 - rebase openshift/sdn to kube 1.21\n1952111 - Optimize importing from @patternfly/react-tokens\n1952174 - DNS operator claims to be done upgrading before it even starts\n1952179 - OpenStack Provider Ports UI Underscore Variables\n1952187 - Pods stuck in ImagePullBackOff with errors like rpc error: code = Unknown desc = Error committing the finished image: image with ID \"SomeLongID\" already exists, but uses a different top layer: that ID\n1952211 - cascading mounts happening exponentially on when deleting openstack-cinder-csi-driver-node pods\n1952214 - Console Devfile Import Dev Preview broken\n1952238 - Catalog pods don\u0027t report termination logs to catalog-operator\n1952262 - Need support external gateway via hybrid overlay\n1952266 - etcd operator bumps status.version[name=operator] before operands update\n1952268 - etcd operator should not set Degraded=True EtcdMembersDegraded on healthy machine-config node reboots\n1952282 - CSR approver races with nodelink controller and does not requeue\n1952310 - VM cannot start up if the ssh key is added by another template\n1952325 - [e2e][automation] Check support modal in ssh tests and skip template parentSupport\n1952333 - openshift/kubernetes vulnerable to CVE-2021-3121\n1952358 - Openshift-apiserver CO unavailable in fresh OCP 4.7.5 installations\n1952367 - No VM status on overview page when VM is pending\n1952368 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc\n1952372 - VM stop action should not be there if the VM is not running\n1952405 - console-operator is not reporting correct Available status\n1952448 - Switch from Managed to Disabled mode: no IP removed from configuration and no container metal3-static-ip-manager stopped\n1952460 - In k8s 1.21 bump \u0027[sig-network] Firewall rule control plane should not expose well-known ports\u0027 test is disabled\n1952473 - Monitor pod placement during upgrades\n1952487 - Template filter does not work properly\n1952495 - \u201cCreate\u201d button on the Templates page is confuse\n1952527 - [Multus] multi-networkpolicy does wrong filtering\n1952545 - Selection issue when inserting YAML snippets\n1952585 - Operator links for \u0027repository\u0027 and \u0027container image\u0027 should be clickable in OperatorHub\n1952604 - Incorrect port in external loadbalancer config\n1952610 - [aws] image-registry panics when the cluster is installed in a new region\n1952611 - Tracking bug for OCPCLOUD-1115 - support user-defined tags on AWS EC2 Instances\n1952618 - 4.7.4-\u003e4.7.8 Upgrade Caused OpenShift-Apiserver Outage\n1952625 - Fix translator-reported text issues\n1952632 - 4.8 installer should default ClusterVersion channel to stable-4.8\n1952635 - Web console displays a blank page- white space instead of cluster information\n1952665 - [Multus] multi-networkpolicy pod continue restart due to OOM (out of memory)\n1952666 - Implement Enhancement 741 for Kubelet\n1952667 - Update Readme for cluster-baremetal-operator with details about the operator\n1952684 - cluster-etcd-operator: metrics controller panics on invalid response from client\n1952728 - It was not clear for users why Snapshot feature was not available\n1952730 - \u201cCustomize virtual machine\u201d and the \u201cAdvanced\u201d feature are confusing in wizard\n1952732 - Users did not understand the boot source labels\n1952741 - Monitoring DB: after set Time Range as Custom time range, no data display\n1952744 - PrometheusDuplicateTimestamps with user workload monitoring enabled\n1952759 - [RFE]It was not immediately clear what the Star icon meant\n1952795 - cloud-network-config-controller CRD does not specify correct plural name\n1952819 - failed to configure pod interface: error while waiting on flows for pod: timed out waiting for OVS flows\n1952820 - [LSO] Delete localvolume pv is failed\n1952832 - [IBM][ROKS] Enable the Web console UI to deploy OCS in External mode on IBM Cloud\n1952891 - Upgrade failed due to cinder csi driver not deployed\n1952904 - Linting issues in gather/clusterconfig package\n1952906 - Unit tests for configobserver.go\n1952931 - CI does not check leftover PVs\n1952958 - Runtime error loading console in Safari 13\n1953019 - [Installer][baremetal][metal3] The baremetal IPI installer fails on delete cluster with: failed to clean baremetal bootstrap storage pool\n1953035 - Installer should error out if publish: Internal is set while deploying OCP cluster on any on-prem platform\n1953041 - openshift-authentication-operator uses 3.9k% of its requested CPU\n1953077 - Handling GCP\u0027s: Error 400: Permission accesscontextmanager.accessLevels.list is not valid for this resource\n1953102 - kubelet CPU use during an e2e run increased 25% after rebase\n1953105 - RHCOS system components registered a 3.5x increase in CPU use over an e2e run before and after 4/9\n1953169 - endpoint slice controller doesn\u0027t handle services target port correctly\n1953257 - Multiple EgressIPs per node for one namespace when \"oc get hostsubnet\"\n1953280 - DaemonSet/node-resolver is not recreated by dns operator after deleting it\n1953291 - cluster-etcd-operator: peer cert DNS SAN is populated incorrectly\n1953418 - [e2e][automation] Fix vm wizard validate tests\n1953518 - thanos-ruler pods failed to start up for \"cannot unmarshal DNS message\"\n1953530 - Fix openshift/sdn unit test flake\n1953539 - kube-storage-version-migrator: priorityClassName not set\n1953543 - (release-4.8) Add missing sample archive data\n1953551 - build failure: unexpected trampoline for shared or dynamic linking\n1953555 - GlusterFS tests fail on ipv6 clusters\n1953647 - prometheus-adapter should have a PodDisruptionBudget in HA topology\n1953670 - ironic container image build failing because esp partition size is too small\n1953680 - ipBlock ignoring all other cidr\u0027s apart from the last one specified\n1953691 - Remove unused mock\n1953703 - Inconsistent usage of Tech preview badge in OCS plugin of OCP Console\n1953726 - Fix issues related to loading dynamic plugins\n1953729 - e2e unidling test is flaking heavily on SNO jobs\n1953795 - Ironic can\u0027t virtual media attach ISOs sourced from ingress routes\n1953798 - GCP e2e (parallel and upgrade) regularly trigger KubeAPIErrorBudgetBurn alert, also happens on AWS\n1953803 - [AWS] Installer should do pre-check to ensure user-provided private hosted zone name is valid for OCP cluster\n1953810 - Allow use of storage policy in VMC environments\n1953830 - The oc-compliance build does not available for OCP4.8\n1953846 - SystemMemoryExceedsReservation alert should consider hugepage reservation\n1953977 - [4.8] packageserver pods restart many times on the SNO cluster\n1953979 - Ironic caching virtualmedia images results in disk space limitations\n1954003 - Alerts shouldn\u0027t report any alerts in firing or pending state: openstack-cinder-csi-driver-controller-metrics TargetDown\n1954025 - Disk errors while scaling up a node with multipathing enabled\n1954087 - Unit tests for kube-scheduler-operator\n1954095 - Apply user defined tags in AWS Internal Registry\n1954105 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns\n1954124 - oc set volume not adding storageclass to pvc which leads to issues using snapshots\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954177 - machine-api: admissionReviewVersions v1beta1 is going to be removed in 1.22\n1954187 - multus: admissionReviewVersions v1beta1 is going to be removed in 1.22\n1954248 - Disable Alertmanager Protractor e2e tests\n1954317 - [assisted operator] Environment variables set in the subscription not being inherited by the assisted-service container\n1954330 - NetworkPolicy: allow-from-router with label policy-group.network.openshift.io/ingress: \"\" does not work on a upgraded cluster\n1954421 - Get \u0027Application is not available\u0027 when access Prometheus UI\n1954459 - Error: Gateway Time-out display on Alerting console\n1954460 - UI, The status of \"Used Capacity Breakdown [Pods]\" is \"Not available\"\n1954509 - FC volume is marked as unmounted after failed reconstruction\n1954540 - Lack translation for local language on pages under storage menu\n1954544 - authn operator: endpoints controller should use the context it creates\n1954554 - Add e2e tests for auto node sizing\n1954566 - Cannot update a component (`UtilizationCard`) error when switching perspectives manually\n1954597 - Default image for GCP does not support ignition V3\n1954615 - Undiagnosed panic detected in pod: pods/openshift-cloud-credential-operator_cloud-credential-operator\n1954634 - apirequestcounts does not honor max users\n1954638 - apirequestcounts should indicate removedinrelease of empty instead of 2.0\n1954640 - Support of gatherers with different periods\n1954671 - disable volume expansion support in vsphere csi driver storage class\n1954687 - localvolumediscovery and localvolumset e2es are disabled\n1954688 - LSO has missing examples for localvolumesets\n1954696 - [API-1009] apirequestcounts should indicate useragent\n1954715 - Imagestream imports become very slow when doing many in parallel\n1954755 - Multus configuration should allow for net-attach-defs referenced in the openshift-multus namespace\n1954765 - CCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1954768 - baremetal-operator: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won\u0027t access APIs that trigger APIRemovedInNextReleaseInUse alert\n1954770 - Backport upstream fix for Kubelet getting stuck in DiskPressure\n1954773 - OVN: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert\n1954783 - [aws] support byo private hosted zone\n1954790 - KCM Alert PodDisruptionBudget At and Limit do not alert with maxUnavailable or MinAvailable by percentage\n1954830 - verify-client-go job is failing for release-4.7 branch\n1954865 - Add necessary priority class to pod-identity-webhook deployment\n1954866 - Add necessary priority class to downloads\n1954870 - Add necessary priority class to network components\n1954873 - dns server may not be specified for clusters with more than 2 dns servers specified by openstack. \n1954891 - Add necessary priority class to pruner\n1954892 - Add necessary priority class to ingress-canary\n1954931 - (release-4.8) Remove legacy URL anonymization in the ClusterOperator related resources\n1954937 - [API-1009] `oc get apirequestcount` shows blank for column REQUESTSINCURRENTHOUR\n1954959 - unwanted decorator shown for revisions in topology though should only be shown only for knative services\n1954972 - TechPreviewNoUpgrade featureset can be undone\n1954973 - \"read /proc/pressure/cpu: operation not supported\" in node-exporter logs\n1954994 - should update to 2.26.0 for prometheus resources label\n1955051 - metrics \"kube_node_status_capacity_cpu_cores\" does not exist\n1955089 - Support [sig-cli] oc observe works as expected test for IPv6\n1955100 - Samples: APIRemovedInNextReleaseInUse info alerts display\n1955102 - Add vsphere_node_hw_version_total metric to the collected metrics\n1955114 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1955196 - linuxptp-daemon crash on 4.8\n1955226 - operator updates apirequestcount CRD over and over\n1955229 - release-openshift-origin-installer-e2e-aws-calico-4.7 is permfailing\n1955256 - stop collecting API that no longer exists\n1955324 - Kubernetes Autoscaler should use Go 1.16 for testing scripts\n1955336 - Failure to Install OpenShift on GCP due to Cluster Name being similar to / contains \"google\"\n1955414 - 4.8 -\u003e 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator\n1955445 - Drop crio image metrics with high cardinality\n1955457 - Drop container_memory_failures_total metric because of high cardinality\n1955467 - Disable collection of node_mountstats_nfs metrics in node_exporter\n1955474 - [aws-ebs-csi-driver] rebase from version v1.0.0\n1955478 - Drop high-cardinality metrics from kube-state-metrics which aren\u0027t used\n1955517 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation\n1955548 - [IPI][OSP] OCP 4.6/4.7 IPI with kuryr exceeds defined serviceNetwork range\n1955554 - MAO does not react to events triggered from Validating Webhook Configurations\n1955589 - thanos-querier should have a PodDisruptionBudget in HA topology\n1955595 - Add DevPreviewLongLifecycle Descheduler profile\n1955596 - Pods stuck in creation phase on realtime kernel SNO\n1955610 - release-openshift-origin-installer-old-rhcos-e2e-aws-4.7 is permfailing\n1955622 - 4.8-e2e-metal-assisted jobs: Timeout of 360 seconds expired waiting for Cluster to be in status [\u0027installing\u0027, \u0027error\u0027]\n1955701 - [4.8] RHCOS boot image bump for RHEL 8.4 Beta\n1955749 - OCP branded templates need to be translated\n1955761 - packageserver clusteroperator does not set reason or message for Available condition\n1955783 - NetworkPolicy: ACL audit log message for allow-from-router policy should also include the namespace to distinguish between two policies similarly named configured in respective namespaces\n1955803 - OperatorHub - console accepts any value for \"Infrastructure features\" annotation\n1955822 - CIS Benchmark 5.4.1 Fails on ROKS 4: Prefer using secrets as files over secrets as environment variables\n1955854 - Ingress clusteroperator reports Degraded=True/Available=False if any ingresscontroller is degraded or unavailable\n1955862 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1955874 - Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct\n1955879 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-\u003e Removed-\u003e Managed in configs.imageregistry with high ratio\n1955969 - Workers cannot be deployed attached to multiple networks. \n1956079 - Installer gather doesn\u0027t collect any networking information\n1956208 - Installer should validate root volume type\n1956220 - Set htt proxy system properties as expected by kubernetes-client\n1956281 - Disconnected installs are failing with kubelet trying to pause image from the internet\n1956334 - Event Listener Details page does not show Triggers section\n1956353 - test: analyze job consistently fails\n1956372 - openshift-gcp-routes causes disruption during upgrade by stopping before all pods terminate\n1956405 - Bump k8s dependencies in cluster resource override admission operator\n1956411 - Apply custom tags to AWS EBS volumes\n1956480 - [4.8] Bootimage bump tracker\n1956606 - probes FlowSchema manifest not included in any cluster profile\n1956607 - Multiple manifests lack cluster profile annotations\n1956609 - [cluster-machine-approver] CSRs for replacement control plane nodes not approved after restore from backup\n1956610 - manage-helm-repos manifest lacks cluster profile annotations\n1956611 - OLM CRD schema validation failing against CRs where the value of a string field is a blank string\n1956650 - The container disk URL is empty for Windows guest tools\n1956768 - aws-ebs-csi-driver-controller-metrics TargetDown\n1956826 - buildArgs does not work when the value is taken from a secret\n1956895 - Fix chatty kubelet log message\n1956898 - fix log files being overwritten on container state loss\n1956920 - can\u0027t open terminal for pods that have more than one container running\n1956959 - ipv6 disconnected sno crd deployment hive reports success status and clusterdeployrmet reporting false\n1956978 - Installer gather doesn\u0027t include pod names in filename\n1957039 - Physical VIP for pod -\u003e Svc -\u003e Host is incorrectly set to an IP of 169.254.169.2 for Local GW\n1957041 - Update CI e2echart with more node info\n1957127 - Delegated authentication: reduce the number of watch requests\n1957131 - Conformance tests for OpenStack require the Cinder client that is not included in the \"tests\" image\n1957146 - Only run test/extended/router/idle tests on OpenshiftSDN or OVNKubernetes\n1957149 - CI: \"Managed cluster should start all core operators\" fails with: OpenStackCinderDriverStaticResourcesControllerDegraded: \"volumesnapshotclass.yaml\" (string): missing dynamicClient\n1957179 - Incorrect VERSION in node_exporter\n1957190 - CI jobs failing due too many watch requests (prometheus-operator)\n1957198 - Misspelled console-operator condition\n1957227 - Issue replacing the EnvVariables using the unsupported ConfigMap\n1957260 - [4.8] [gcp] Installer is missing new region/zone europe-central2\n1957261 - update godoc for new build status image change trigger fields\n1957295 - Apply priority classes conventions as test to openshift/origin repo\n1957315 - kuryr-controller doesn\u0027t indicate being out of quota\n1957349 - [Azure] Machine object showing Failed phase even node is ready and VM is running properly\n1957374 - mcddrainerr doesn\u0027t list specific pod\n1957386 - Config serve and validate command should be under alpha\n1957446 - prepare CCO for future without v1beta1 CustomResourceDefinitions\n1957502 - Infrequent panic in kube-apiserver in aws-serial job\n1957561 - lack of pseudolocalization for some text on Cluster Setting page\n1957584 - Routes are not getting created when using hostname without FQDN standard\n1957597 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1957645 - Event \"Updated PrometheusRule.monitoring.coreos.com/v1 because it changed\" is frequently looped with weird empty {} changes\n1957708 - e2e-metal-ipi and related jobs fail to bootstrap due to multiple VIP\u0027s\n1957726 - Pod stuck in ContainerCreating - Failed to start transient scope unit: Connection timed out\n1957748 - Ptp operator pod should have CPU and memory requests set but not limits\n1957756 - Device Replacemet UI, The status of the disk is \"replacement ready\" before I clicked on \"start replacement\"\n1957772 - ptp daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1957775 - CVO creating cloud-controller-manager too early causing upgrade failures\n1957809 - [OSP] Install with invalid platform.openstack.machinesSubnet results in runtime error\n1957822 - Update apiserver tlsSecurityProfile description to include Custom profile\n1957832 - CMO end-to-end tests work only on AWS\n1957856 - \u0027resource name may not be empty\u0027 is shown in CI testing\n1957869 - baremetal IPI power_interface for irmc is inconsistent\n1957879 - cloud-controller-manage ClusterOperator manifest does not declare relatedObjects\n1957889 - Incomprehensible documentation of the GatherClusterOperatorPodsAndEvents gatherer\n1957893 - ClusterDeployment / Agent conditions show \"ClusterAlreadyInstalling\" during each spoke install\n1957895 - Cypress helper projectDropdown.shouldContain is not an assertion\n1957908 - Many e2e failed requests caused by kube-storage-version-migrator-operator\u0027s version reads\n1957926 - \"Add Capacity\" should allow to add n*3 (or n*4) local devices at once\n1957951 - [aws] destroy can get blocked on instances stuck in shutting-down state\n1957967 - Possible test flake in listPage Cypress view\n1957972 - Leftover templates from mdns\n1957976 - Ironic execute_deploy_steps command to ramdisk times out, resulting in a failed deployment in 4.7\n1957982 - Deployment Actions clickable for view-only projects\n1957991 - ClusterOperatorDegraded can fire during installation\n1958015 - \"config-reloader-cpu\" and \"config-reloader-memory\" flags have been deprecated for prometheus-operator\n1958080 - Missing i18n for login, error and selectprovider pages\n1958094 - Audit log files are corrupted sometimes\n1958097 - don\u0027t show \"old, insecure token format\" if the token does not actually exist\n1958114 - Ignore staged vendor files in pre-commit script\n1958126 - [OVN]Egressip doesn\u0027t take effect\n1958158 - OAuth proxy container for AlertManager and Thanos are flooding the logs\n1958216 - ocp libvirt: dnsmasq options in install config should allow duplicate option names\n1958245 - cluster-etcd-operator: static pod revision is not visible from etcd logs\n1958285 - Deployment considered unhealthy despite being available and at latest generation\n1958296 - OLM must explicitly alert on deprecated APIs in use\n1958329 - pick 97428: add more context to log after a request times out\n1958367 - Build metrics do not aggregate totals by build strategy\n1958391 - Update MCO KubeletConfig to mixin the API Server TLS Security Profile Singleton\n1958405 - etcd: current health checks and reporting are not adequate to ensure availability\n1958406 - Twistlock flags mode of /var/run/crio/crio.sock\n1958420 - openshift-install 4.7.10 fails with segmentation error\n1958424 - aws: support more auth options in manual mode\n1958439 - Install/Upgrade button on Install/Upgrade Helm Chart page does not work with Form View\n1958492 - CCO: pod-identity-webhook still accesses APIRemovedInNextReleaseInUse\n1958643 - All pods creation stuck due to SR-IOV webhook timeout\n1958679 - Compression on pool can\u0027t be disabled via UI\n1958753 - VMI nic tab is not loadable\n1958759 - Pulling Insights report is missing retry logic\n1958811 - VM creation fails on API version mismatch\n1958812 - Cluster upgrade halts as machine-config-daemon fails to parse `rpm-ostree status` during cluster upgrades\n1958861 - [CCO] pod-identity-webhook certificate request failed\n1958868 - ssh copy is missing when vm is running\n1958884 - Confusing error message when volume AZ not found\n1958913 - \"Replacing an unhealthy etcd member whose node is not ready\" procedure results in new etcd pod in CrashLoopBackOff\n1958930 - network config in machine configs prevents addition of new nodes with static networking via kargs\n1958958 - [SCALE] segfault with ovnkube adding to address set\n1958972 - [SCALE] deadlock in ovn-kube when scaling up to 300 nodes\n1959041 - LSO Cluster UI,\"Troubleshoot\" link does not exist after scale down osd pod\n1959058 - ovn-kubernetes has lock contention on the LSP cache\n1959158 - packageserver clusteroperator Available condition set to false on any Deployment spec change\n1959177 - Descheduler dev manifests are missing permissions\n1959190 - Set LABEL io.openshift.release.operator=true for driver-toolkit image addition to payload\n1959194 - Ingress controller should use minReadySeconds because otherwise it is disrupted during deployment updates\n1959278 - Should remove prometheus servicemonitor from openshift-user-workload-monitoring\n1959294 - openshift-operator-lifecycle-manager:olm-operator-serviceaccount should not rely on external networking for health check\n1959327 - Degraded nodes on upgrade - Cleaning bootversions: Read-only file system\n1959406 - Difficult to debug performance on ovn-k without pprof enabled\n1959471 - Kube sysctl conformance tests are disabled, meaning we can\u0027t submit conformance results\n1959479 - machines doesn\u0027t support dual-stack loadbalancers on Azure\n1959513 - Cluster-kube-apiserver does not use library-go for audit pkg\n1959519 - Operand details page only renders one status donut no matter how many \u0027podStatuses\u0027 descriptors are used\n1959550 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console\n1959564 - Test verify /run filesystem contents failing\n1959648 - oc adm top --help indicates that oc adm top can display storage usage while it cannot\n1959650 - Gather SDI-related MachineConfigs\n1959658 - showing a lot \"constructing many client instances from the same exec auth config\"\n1959696 - Deprecate \u0027ConsoleConfigRoute\u0027 struct in console-operator config\n1959699 - [RFE] Collect LSO pod log and daemonset log managed by LSO\n1959703 - Bootstrap gather gets into an infinite loop on bootstrap-in-place mode\n1959711 - Egressnetworkpolicy doesn\u0027t work when configure the EgressIP\n1959786 - [dualstack]EgressIP doesn\u0027t work on dualstack cluster for IPv6\n1959916 - Console not works well against a proxy in front of openshift clusters\n1959920 - UEFISecureBoot set not on the right master node\n1959981 - [OCPonRHV] - Affinity Group should not create by default if we define empty affinityGroupsNames: []\n1960035 - iptables is missing from ose-keepalived-ipfailover image\n1960059 - Remove \"Grafana UI\" link from Console Monitoring \u003e Dashboards page\n1960089 - ImageStreams list page, detail page and breadcrumb are not following CamelCase conventions\n1960129 - [e2e][automation] add smoke tests about VM pages and actions\n1960134 - some origin images are not public\n1960171 - Enable SNO checks for image-registry\n1960176 - CCO should recreate a user for the component when it was removed from the cloud providers\n1960205 - The kubelet log flooded with reconcileState message once CPU manager enabled\n1960255 - fixed obfuscation permissions\n1960257 - breaking changes in pr template\n1960284 - ExternalTrafficPolicy Local does not preserve connections correctly on shutdown, policy Cluster has significant performance cost\n1960323 - Address issues raised by coverity security scan\n1960324 - manifests: extra \"spec.version\" in console quickstarts makes CVO hotloop\n1960330 - manifests: invalid selector in ServiceMonitor makes CVO hotloop\n1960334 - manifests: invalid selector in ServiceMonitor makes CVO hotloop\n1960337 - manifests: invalid selector in ServiceMonitor makes CVO hotloop\n1960339 - manifests: unset \"preemptionPolicy\" makes CVO hotloop\n1960531 - Items under \u0027Current Bandwidth\u0027 for Dashboard \u0027Kubernetes / Networking / Pod\u0027 keep added for every access\n1960534 - Some graphs of console dashboards have no legend and tooltips are difficult to undstand compared with grafana\n1960546 - Add virt_platform metric to the collected metrics\n1960554 - Remove rbacv1beta1 handling code\n1960612 - Node disk info in overview/details does not account for second drive where /var is located\n1960619 - Image registry integration tests use old-style OAuth tokens\n1960683 - GlobalConfigPage is constantly requesting resources\n1960711 - Enabling IPsec runtime causing incorrect MTU on Pod interfaces\n1960716 - Missing details for debugging\n1960732 - Outdated manifests directory in CSI driver operator repositories\n1960757 - [OVN] hostnetwork pod can access MCS port 22623 or 22624 on master\n1960758 - oc debug / oc adm must-gather do not require openshift/tools and openshift/must-gather to be \"the newest\"\n1960767 - /metrics endpoint of the Grafana UI is accessible without authentication\n1960780 - CI: failed to create PDB \"service-test\" the server could not find the requested resource\n1961064 - Documentation link to network policies is outdated\n1961067 - Improve log gathering logic\n1961081 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget in CMO logs\n1961091 - Gather MachineHealthCheck definitions\n1961120 - CSI driver operators fail when upgrading a cluster\n1961173 - recreate existing static pod manifests instead of updating\n1961201 - [sig-network-edge] DNS should answer A and AAAA queries for a dual-stack service is constantly failing\n1961314 - Race condition in operator-registry pull retry unit tests\n1961320 - CatalogSource does not emit any metrics to indicate if it\u0027s ready or not\n1961336 - Devfile sample for BuildConfig is not defined\n1961356 - Update single quotes to double quotes in string\n1961363 - Minor string update for \" No Storage classes found in cluster, adding source is disabled.\"\n1961393 - DetailsPage does not work with group~version~kind\n1961452 - Remove \"Alertmanager UI\" link from Console Monitoring \u003e Alerting page\n1961466 - Some dropdown placeholder text on route creation page is not translated\n1961472 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true\n1961506 - NodePorts do not work on RHEL 7.9 workers (was \"4.7 -\u003e 4.8 upgrade is stuck at Ingress operator Degraded with rhel 7.9 workers\")\n1961536 - clusterdeployment without pull secret is crashing assisted service pod\n1961538 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop\n1961545 - Fixing Documentation Generation\n1961550 - HAproxy pod logs showing error \"another server named \u0027pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080\u0027 was already defined at line 326, please use distinct names\"\n1961554 - respect the shutdown-delay-duration from OpenShiftAPIServerConfig\n1961561 - The encryption controllers send lots of request to an API server\n1961582 - Build failure on s390x\n1961644 - NodeAuthenticator tests are failing in IPv6\n1961656 - driver-toolkit missing some release metadata\n1961675 - Kebab menu of taskrun contains Edit options which should not be present\n1961701 - Enhance gathering of events\n1961717 - Update runtime dependencies to Wallaby builds for bugfixes\n1961829 - Quick starts prereqs not shown when description is long\n1961852 - Excessive lock contention when adding many pods selected by the same NetworkPolicy\n1961878 - Add Sprint 199 translations\n1961897 - Remove history listener before console UI is unmounted\n1961925 - New ManagementCPUsOverride admission plugin blocks pod creation in clusters with no nodes\n1962062 - Monitoring dashboards should support default values of \"All\"\n1962074 - SNO:the pod get stuck in CreateContainerError and prompt \"failed to add conmon to systemd sandbox cgroup: dial unix /run/systemd/private: connect: resource temporarily unavailable\" after adding a performanceprofile\n1962095 - Replace gather-job image without FQDN\n1962153 - VolumeSnapshot routes are ambiguous, too generic\n1962172 - Single node CI e2e tests kubelet metrics endpoints intermittent downtime\n1962219 - NTO relies on unreliable leader-for-life implementation. \n1962256 - use RHEL8 as the vm-example\n1962261 - Monitoring components requesting more memory than they use\n1962274 - OCP on RHV installer fails to generate an install-config with only 2 hosts in RHV cluster\n1962347 - Cluster does not exist logs after successful installation\n1962392 - After upgrade from 4.5.16 to 4.6.17, customer\u0027s application is seeing re-transmits\n1962415 - duplicate zone information for in-tree PV after enabling migration\n1962429 - Cannot create windows vm because kubemacpool.io denied the request\n1962525 - [Migration] SDN migration stuck on MCO on RHV cluster\n1962569 - NetworkPolicy details page should also show Egress rules\n1962592 - Worker nodes restarting during OS installation\n1962602 - Cloud credential operator scrolls info \"unable to provide upcoming...\" on unsupported platform\n1962630 - NTO: Ship the current upstream TuneD\n1962687 - openshift-kube-storage-version-migrator pod failed due to Error: container has runAsNonRoot and image will run as root\n1962698 - Console-operator can not create resource console-public configmap in the openshift-config-managed namespace\n1962718 - CVE-2021-29622 prometheus: open redirect under the /new endpoint\n1962740 - Add documentation to Egress Router\n1962850 - [4.8] Bootimage bump tracker\n1962882 - Version pod does not set priorityClassName\n1962905 - Ramdisk ISO source defaulting to \"http\" breaks deployment on a good amount of BMCs\n1963068 - ironic container should not specify the entrypoint\n1963079 - KCM/KS: ability to enforce localhost communication with the API server. \n1963154 - Current BMAC reconcile flow skips Ironic\u0027s deprovision step\n1963159 - Add Sprint 200 translations\n1963204 - Update to 8.4 IPA images\n1963205 - Installer is using old redirector\n1963208 - Translation typos/inconsistencies for Sprint 200 files\n1963209 - Some strings in public.json have errors\n1963211 - Fix grammar issue in kubevirt-plugin.json string\n1963213 - Memsource download script running into API error\n1963219 - ImageStreamTags not internationalized\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n1963267 - Warning: Invalid DOM property `classname`. Did you mean `className`? console warnings in volumes table\n1963502 - create template from is not descriptive\n1963676 - in vm wizard when selecting an os template it looks like selecting the flavor too\n1963833 - Cluster monitoring operator crashlooping on single node clusters due to segfault\n1963848 - Use OS-shipped stalld vs. the NTO-shipped one. \n1963866 - NTO: use the latest k8s 1.21.1 and openshift vendor dependencies\n1963871 - cluster-etcd-operator:[build] upgrade to go 1.16\n1963896 - The VM disks table does not show easy links to PVCs\n1963912 - \"[sig-network] DNS should provide DNS for {services, cluster, subdomain, hostname}\" failures on vsphere\n1963932 - Installation failures in bootstrap in OpenStack release jobs\n1963964 - Characters are not escaped on config ini file causing Kuryr bootstrap to fail\n1964059 - rebase openshift/sdn to kube 1.21.1\n1964197 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration\n1964203 - e2e-metal-ipi, e2e-metal-ipi-ovn-dualstack and e2e-metal-ipi-ovn-ipv6 are failing due to \"Unknown provider baremetal\"\n1964243 - The `oc compliance fetch-raw` doesn\u2019t work for disconnected cluster\n1964270 - Failed to install \u0027cluster-kube-descheduler-operator\u0027 with error: \"clusterkubedescheduleroperator.4.8.0-202105211057.p0.assembly.stream\\\": must be no more than 63 characters\"\n1964319 - Network policy \"deny all\" interpreted as \"allow all\" in description page\n1964334 - alertmanager/prometheus/thanos-querier /metrics endpoints are not secured\n1964472 - Make project and namespace requirements more visible rather than giving me an error after submission\n1964486 - Bulk adding of CIDR IPS to whitelist is not working\n1964492 - Pick 102171: Implement support for watch initialization in P\u0026F\n1964625 - NETID duplicate check is only required in NetworkPolicy Mode\n1964748 - Sync upstream 1.7.2 downstream\n1964756 - PVC status is always in \u0027Bound\u0027 status when it is actually cloning\n1964847 - Sanity check test suite missing from the repo\n1964888 - opoenshift-apiserver imagestreamimports depend on \u003e34s timeout support, WAS: transport: loopyWriter.run returning. connection error: desc = \"transport is closing\"\n1964936 - error log for \"oc adm catalog mirror\" is not correct\n1964979 - Add mapping from ACI to infraenv to handle creation order issues\n1964997 - Helm Library charts are showing and can be installed from Catalog\n1965024 - [DR] backup and restore should perform consistency checks on etcd snapshots\n1965092 - [Assisted-4.7] [Staging][OLM] Operators deployments start before all workers finished installation\n1965283 - 4.7-\u003e4.8 upgrades: cluster operators are not ready: openshift-controller-manager (Upgradeable=Unknown NoData: ), service-ca (Upgradeable=Unknown NoData:\n1965330 - oc image extract fails due to security capabilities on files\n1965334 - opm index add fails during image extraction\n1965367 - Typo in in etcd-metric-serving-ca resource name\n1965370 - \"Route\" is not translated in Korean or Chinese\n1965391 - When storage class is already present wizard do not jumps to \"Stoarge and nodes\"\n1965422 - runc is missing Provides oci-runtime in rpm spec\n1965522 - [v2v] Multiple typos on VM Import screen\n1965545 - Pod stuck in ContainerCreating: Unit ...slice already exists\n1965909 - Replace \"Enable Taint Nodes\" by \"Mark nodes as dedicated\"\n1965921 - [oVirt] High performance VMs shouldn\u0027t be created with Existing policy\n1965929 - kube-apiserver should use cert auth when reaching out to the oauth-apiserver with a TokenReview request\n1966077 - `hidden` descriptor is visible in the Operator instance details page`\n1966116 - DNS SRV request which worked in 4.7.9 stopped working in 4.7.11\n1966126 - root_ca_cert_publisher_sync_duration_seconds metric can have an excessive cardinality\n1966138 - (release-4.8) Update K8s \u0026 OpenShift API versions\n1966156 - Issue with Internal Registry CA on the service pod\n1966174 - No storage class is installed, OCS and CNV installations fail\n1966268 - Workaround for Network Manager not supporting nmconnections priority\n1966401 - Revamp Ceph Table in Install Wizard flow\n1966410 - kube-controller-manager should not trigger APIRemovedInNextReleaseInUse alert\n1966416 - (release-4.8) Do not exceed the data size limit\n1966459 - \u0027policy/v1beta1 PodDisruptionBudget\u0027 and \u0027batch/v1beta1 CronJob\u0027 appear in image-registry-operator log\n1966487 - IP address in Pods list table are showing node IP other than pod IP\n1966520 - Add button from ocs add capacity should not be enabled if there are no PV\u0027s\n1966523 - (release-4.8) Gather MachineAutoScaler definitions\n1966546 - [master] KubeAPI - keep day1 after cluster is successfully installed\n1966561 - Workload partitioning annotation workaround needed for CSV annotation propagation bug\n1966602 - don\u0027t require manually setting IPv6DualStack feature gate in 4.8\n1966620 - The bundle.Dockerfile in the repo is obsolete\n1966632 - [4.8.0] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install\n1966654 - Alertmanager PDB is not created, but Prometheus UWM is\n1966672 - Add Sprint 201 translations\n1966675 - Admin console string updates\n1966677 - Change comma to semicolon\n1966683 - Translation bugs from Sprint 201 files\n1966684 - Verify \"Creating snapshot for claim \u003c1\u003e{pvcName}\u003c/1\u003e\" displays correctly\n1966697 - Garbage collector logs every interval - move to debug level\n1966717 - include full timestamps in the logs\n1966759 - Enable downstream plugin for Operator SDK\n1966795 - [tests] Release 4.7 broken due to the usage of wrong OCS version\n1966813 - \"Replacing an unhealthy etcd member whose node is not ready\" procedure results in new etcd pod in CrashLoopBackOff\n1966862 - vsphere IPI - local dns prepender is not prepending nameserver 127.0.0.1\n1966892 - [master] [Assisted-4.8][SNO] SNO node cannot transition into \"Writing image to disk\" from \"Waiting for bootkub[e\"\n1966952 - [4.8.0] [Assisted-4.8][SNO][Dual Stack] DHCPv6 settings \"ipv6.dhcp-duid=ll\" missing from dual stack install\n1967104 - [4.8.0] InfraEnv ctrl: log the amount of NMstate Configs baked into the image\n1967126 - [4.8.0] [DOC] KubeAPI docs should clarify that the InfraEnv Spec pullSecretRef is currently ignored\n1967197 - 404 errors loading some i18n namespaces\n1967207 - Getting started card: console customization resources link shows other resources\n1967208 - Getting started card should use semver library for parsing the version instead of string manipulation\n1967234 - Console is continuously polling for ConsoleLink acm-link\n1967275 - Awkward wrapping in getting started dashboard card\n1967276 - Help menu tooltip overlays dropdown\n1967398 - authentication operator still uses previous deleted pod ip rather than the new created pod ip to do health check\n1967403 - (release-4.8) Increase workloads fingerprint gatherer pods limit\n1967423 - [master] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion\n1967444 - openshift-local-storage pods found with invalid priority class, should be openshift-user-critical or begin with system- while running e2e tests\n1967531 - the ccoctl tool should extend MaxItems when listRoles, the default value 100 is a little small\n1967578 - [4.8.0] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion\n1967591 - The ManagementCPUsOverride admission plugin should not mutate containers with the limit\n1967595 - Fixes the remaining lint issues\n1967614 - prometheus-k8s pods can\u0027t be scheduled due to volume node affinity conflict\n1967623 - [OCPonRHV] - ./openshift-install installation with install-config doesn\u0027t work if ovirt-config.yaml doesn\u0027t exist and user should fill the FQDN URL\n1967625 - Add OpenShift Dockerfile for cloud-provider-aws\n1967631 - [4.8.0] Cluster install failed due to timeout while \"Waiting for control plane\"\n1967633 - [4.8.0] [Assisted-4.8][SNO] SNO node cannot transition into \"Writing image to disk\" from \"Waiting for bootkube\"\n1967639 - Console whitescreens if user preferences fail to load\n1967662 - machine-api-operator should not use deprecated \"platform\" field in infrastructures.config.openshift.io\n1967667 - Add Sprint 202 Round 1 translations\n1967713 - Insights widget shows invalid link to the OCM\n1967717 - Insights Advisor widget is missing a description paragraph and contains deprecated naming\n1967745 - When setting DNS node placement by toleration to not tolerate master node, effect value should not allow string other than \"NoExecute\"\n1967803 - should update to 7.5.5 for grafana resources version label\n1967832 - Add more tests for periodic.go\n1967833 - Add tasks pool to tasks_processing\n1967842 - Production logs are spammed on \"OCS requirements validation status Insufficient hosts to deploy OCS. A minimum of 3 hosts is required to deploy OCS\"\n1967843 - Fix null reference to messagesToSearch in gather_logs.go\n1967902 - [4.8.0] Assisted installer chrony manifests missing index numberring\n1967933 - Network-Tools debug scripts not working as expected\n1967945 - [4.8.0] [assisted operator] Assisted Service Postgres crashes msg: \"mkdir: cannot create directory \u0027/var/lib/pgsql/data/userdata\u0027: Permission denied\"\n1968019 - drain timeout and pool degrading period is too short\n1968067 - [master] Agent validation not including reason for being insufficient\n1968168 - [4.8.0] KubeAPI - keep day1 after cluster is successfully installed\n1968175 - [4.8.0] Agent validation not including reason for being insufficient\n1968373 - [4.8.0] BMAC re-attaches installed node on ISO regeneration\n1968385 - [4.8.0] Infra env require pullSecretRef although it shouldn\u0027t be required\n1968435 - [4.8.0] Unclear message in case of missing clusterImageSet\n1968436 - Listeners timeout updated to remain using default value\n1968449 - [4.8.0] Wrong Install-config override documentation\n1968451 - [4.8.0] Garbage collector not cleaning up directories of removed clusters\n1968452 - [4.8.0] [doc] \"Mirror Registry Configuration\" doc section needs clarification of functionality and limitations\n1968454 - [4.8.0] backend events generated with wrong namespace for agent\n1968455 - [4.8.0] Assisted Service operator\u0027s controllers are starting before the base service is ready\n1968515 - oc should set user-agent when talking with registry\n1968531 - Sync upstream 1.8.0 downstream\n1968558 - [sig-cli] oc adm storage-admin [Suite:openshift/conformance/parallel] doesn\u0027t clean up properly\n1968567 - [OVN] Egress router pod not running and openshift.io/scc is restricted\n1968625 - Pods using sr-iov interfaces failign to start for Failed to create pod sandbox\n1968700 - catalog-operator crashes when status.initContainerStatuses[].state.waiting is nil\n1968701 - Bare metal IPI installation is failed due to worker inspection failure\n1968754 - CI: e2e-metal-ipi-upgrade failing on KubeletHasDiskPressure, which triggers machine-config RequiredPoolsFailed\n1969212 - [FJ OCP4.8 Bug - PUBLIC VERSION]: Masters repeat reboot every few minutes during workers provisioning\n1969284 - Console Query Browser: Can\u0027t reset zoom to fixed time range after dragging to zoom\n1969315 - [4.8.0] BMAC doesn\u0027t check if ISO Url changed before queuing BMH for reconcile\n1969352 - [4.8.0] Creating BareMetalHost without the \"inspect.metal3.io\" does not automatically add it\n1969363 - [4.8.0] Infra env should show the time that ISO was generated. \n1969367 - [4.8.0] BMAC should wait for an ISO to exist for 1 minute before using it\n1969386 - Filesystem\u0027s Utilization doesn\u0027t show in VM overview tab\n1969397 - OVN bug causing subports to stay DOWN fails installations\n1969470 - [4.8.0] Misleading error in case of install-config override bad input\n1969487 - [FJ OCP4.8 Bug]: Avoid always do delete_configuration clean step\n1969525 - Replace golint with revive\n1969535 - Topology edit icon does not link correctly when branch name contains slash\n1969538 - Install a VolumeSnapshotClass by default on CSI Drivers that support it\n1969551 - [4.8.0] Assisted service times out on GetNextSteps due to `oc adm release info` taking too long\n1969561 - Test \"an end user can use OLM can subscribe to the operator\" generates deprecation alert\n1969578 - installer: accesses v1beta1 RBAC APIs and causes APIRemovedInNextReleaseInUse to fire\n1969599 - images without registry are being prefixed with registry.hub.docker.com instead of docker.io\n1969601 - manifest for networks.config.openshift.io CRD uses deprecated apiextensions.k8s.io/v1beta1\n1969626 - Portfoward stream cleanup can cause kubelet to panic\n1969631 - EncryptionPruneControllerDegraded: etcdserver: request timed out\n1969681 - MCO: maxUnavailable of ds/machine-config-daemon does not get updated due to missing resourcemerge check\n1969712 - [4.8.0] Assisted service reports a malformed iso when we fail to download the base iso\n1969752 - [4.8.0] [assisted operator] Installed Clusters are missing DNS setups\n1969773 - [4.8.0] Empty cluster name on handleEnsureISOErrors log after applying InfraEnv.yaml\n1969784 - WebTerminal widget should send resize events\n1969832 - Applying a profile with multiple inheritance where parents include a common ancestor fails\n1969891 - Fix rotated pipelinerun status icon issue in safari\n1969900 - Test files should not use deprecated APIs that will trigger APIRemovedInNextReleaseInUse\n1969903 - Provisioning a large number of hosts results in an unexpected delay in hosts becoming available\n1969951 - Cluster local doesn\u0027t work for knative services created from dev console\n1969969 - ironic-rhcos-downloader container uses and old base image\n1970062 - ccoctl does not work with STS authentication\n1970068 - ovnkube-master logs \"Failed to find node ips for gateway\" error\n1970126 - [4.8.0] Disable \"metrics-events\" when deploying using the operator\n1970150 - master pool is still upgrading when machine config reports level / restarts on osimageurl change\n1970262 - [4.8.0] Remove Agent CRD Status fields not needed\n1970265 - [4.8.0] Add State and StateInfo to DebugInfo in ACI and Agent CRDs\n1970269 - [4.8.0] missing role in agent CRD\n1970271 - [4.8.0] Add ProgressInfo to Agent and AgentClusterInstalll CRDs\n1970381 - Monitoring dashboards: Custom time range inputs should retain their values\n1970395 - [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed\n1970401 - [4.8.0] AgentLabelSelector is required yet not supported\n1970415 - SR-IOV Docs needs documentation for disabling port security on a network\n1970470 - Add pipeline annotation to Secrets which are created for a private repo\n1970494 - [4.8.0] Missing value-filling of log line in assisted-service operator pod\n1970624 - 4.7-\u003e4.8 updates: AggregatedAPIDown for v1beta1.metrics.k8s.io\n1970828 - \"500 Internal Error\" for all openshift-monitoring routes\n1970975 - 4.7 -\u003e 4.8 upgrades on AWS take longer than expected\n1971068 - Removing invalid AWS instances from the CF templates\n1971080 - 4.7-\u003e4.8 CI: KubePodNotReady due to MCD\u0027s 5m sleep between drain attempts\n1971188 - Web Console does not show OpenShift Virtualization Menu with VirtualMachine CRDs of version v1alpha3 !\n1971293 - [4.8.0] Deleting agent from one namespace causes all agents with the same name to be deleted from all namespaces\n1971308 - [4.8.0] AI KubeAPI AgentClusterInstall confusing \"Validated\" condition about VIP not matching machine network\n1971529 - [Dummy bug for robot] 4.7.14 upgrade to 4.8 and then downgrade back to 4.7.14 doesn\u0027t work - clusteroperator/kube-apiserver is not upgradeable\n1971589 - [4.8.0] Telemetry-client won\u0027t report metrics in case the cluster was installed using the assisted operator\n1971630 - [4.8.0] ACM/ZTP with Wan emulation fails to start the agent service\n1971632 - [4.8.0] ACM/ZTP with Wan emulation, several clusters fail to step past discovery\n1971654 - [4.8.0] InfraEnv controller should always requeue for backend response HTTP StatusConflict (code 409)\n1971739 - Keep /boot RW when kdump is enabled\n1972085 - [4.8.0] Updating configmap within AgentServiceConfig is not logged properly\n1972128 - ironic-static-ip-manager container still uses 4.7 base image\n1972140 - [4.8.0] ACM/ZTP with Wan emulation, SNO cluster installs do not show as installed although they are\n1972167 - Several operators degraded because Failed to create pod sandbox when installing an sts cluster\n1972213 - Openshift Installer| UEFI mode | BM hosts have BIOS halted\n1972262 - [4.8.0] \"baremetalhost.metal3.io/detached\" uses boolean value where string is expected\n1972426 - Adopt failure can trigger deprovisioning\n1972436 - [4.8.0] [DOCS] AgentServiceConfig examples in operator.md doc should each contain databaseStorage + filesystemStorage\n1972526 - [4.8.0] clusterDeployments controller should send an event to InfraEnv for backend cluster registration\n1972530 - [4.8.0] no indication for missing debugInfo in AgentClusterInstall\n1972565 - performance issues due to lost node, pods taking too long to relaunch\n1972662 - DPDK KNI modules need some additional tools\n1972676 - Requirements for authenticating kernel modules with X.509\n1972687 - Using bound SA tokens causes causes failures to /apis/authorization.openshift.io/v1/clusterrolebindings\n1972690 - [4.8.0] infra-env condition message isn\u0027t informative in case of missing pull secret\n1972702 - [4.8.0] Domain dummy.com (not belonging to Red Hat) is being used in a default configuration\n1972768 - kube-apiserver setup fail while installing SNO due to port being used\n1972864 - New `local-with-fallback` service annotation does not preserve source IP\n1973018 - Ironic rhcos downloader breaks image cache in upgrade process from 4.7 to 4.8\n1973117 - No storage class is installed, OCS and CNV installations fail\n1973233 - remove kubevirt images and references\n1973237 - RHCOS-shipped stalld systemd units do not use SCHED_FIFO to run stalld. \n1973428 - Placeholder bug for OCP 4.8.0 image release\n1973667 - [4.8] NetworkPolicy tests were mistakenly marked skipped\n1973672 - fix ovn-kubernetes NetworkPolicy 4.7-\u003e4.8 upgrade issue\n1973995 - [Feature:IPv6DualStack] tests are failing in dualstack\n1974414 - Uninstalling kube-descheduler clusterkubedescheduleroperator.4.6.0-202106010807.p0.git.5db84c5 removes some clusterrolebindings\n1974447 - Requirements for nvidia GPU driver container for driver toolkit\n1974677 - [4.8.0] KubeAPI CVO progress is not available on CR/conditions only in events. \n1974718 - Tuned net plugin fails to handle net devices with n/a value for a channel\n1974743 - [4.8.0] All resources not being cleaned up after clusterdeployment deletion\n1974746 - [4.8.0] File system usage not being logged appropriately\n1974757 - [4.8.0] Assisted-service deployed on an IPv6 cluster installed with proxy: agentclusterinstall shows error pulling an image from quay. \n1974773 - Using bound SA tokens causes fail to query cluster resource especially in a sts cluster\n1974839 - CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string\n1974850 - [4.8] coreos-installer failing Execshield\n1974931 - [4.8.0] Assisted Service Operator should be Infrastructure Operator for Red Hat OpenShift\n1974978 - 4.8.0.rc0 upgrade hung, stuck on DNS clusteroperator progressing\n1975155 - Kubernetes service IP cannot be accessed for rhel worker\n1975227 - [4.8.0] KubeAPI Move conditions consts to CRD types\n1975360 - [4.8.0] [master] timeout on kubeAPI subsystem test: SNO full install and validate MetaData\n1975404 - [4.8.0] Confusing behavior when multi-node spoke workers present when only controlPlaneAgents specified\n1975432 - Alert InstallPlanStepAppliedWithWarnings does not resolve\n1975527 - VMware UPI is configuring static IPs via ignition rather than afterburn\n1975672 - [4.8.0] Production logs are spammed on \"Found unpreparing host: id 08f22447-2cf1-a107-eedf-12c7421f7380 status insufficient\"\n1975789 - worker nodes rebooted when we simulate a case where the api-server is down\n1975938 - gcp-realtime: e2e test failing [sig-storage] Multi-AZ Cluster Volumes should only be allowed to provision PDs in zones where nodes exist [Suite:openshift/conformance/parallel] [Suite:k8s]\n1975964 - 4.7 nightly upgrade to 4.8 and then downgrade back to 4.7 nightly doesn\u0027t work - ingresscontroller \"default\" is degraded\n1976079 - [4.8.0] Openshift Installer| UEFI mode | BM hosts have BIOS halted\n1976263 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1976376 - disable jenkins client plugin test whose Jenkinsfile references master branch openshift/origin artifacts\n1976590 - [Tracker] [SNO][assisted-operator][nmstate] Bond Interface is down when booting from the discovery ISO\n1977233 - [4.8] Unable to authenticate against IDP after upgrade to 4.8-rc.1\n1977351 - CVO pod skipped by workload partitioning with incorrect error stating cluster is not SNO\n1977352 - [4.8.0] [SNO] No DNS to cluster API from assisted-installer-controller\n1977426 - Installation of OCP 4.6.13 fails when teaming interface is used with OVNKubernetes\n1977479 - CI failing on firing CertifiedOperatorsCatalogError due to slow livenessProbe responses\n1977540 - sriov webhook not worked when upgrade from 4.7 to 4.8\n1977607 - [4.8.0] Post making changes to AgentServiceConfig assisted-service operator is not detecting the change and redeploying assisted-service pod\n1977924 - Pod fails to run when a custom SCC with a specific set of volumes is used\n1980788 - NTO-shipped stalld can segfault\n1981633 - enhance service-ca injection\n1982250 - Performance Addon Operator fails to install after catalog source becomes ready\n1982252 - olm Operator is in CrashLoopBackOff state with error \"couldn\u0027t cleanup cross-namespace ownerreferences\"\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-2183\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-15106\nhttps://access.redhat.com/security/cve/CVE-2020-15112\nhttps://access.redhat.com/security/cve/CVE-2020-15113\nhttps://access.redhat.com/security/cve/CVE-2020-15114\nhttps://access.redhat.com/security/cve/CVE-2020-15136\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-26541\nhttps://access.redhat.com/security/cve/CVE-2020-28469\nhttps://access.redhat.com/security/cve/CVE-2020-28500\nhttps://access.redhat.com/security/cve/CVE-2020-28852\nhttps://access.redhat.com/security/cve/CVE-2021-3114\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3636\nhttps://access.redhat.com/security/cve/CVE-2021-20206\nhttps://access.redhat.com/security/cve/CVE-2021-20271\nhttps://access.redhat.com/security/cve/CVE-2021-20291\nhttps://access.redhat.com/security/cve/CVE-2021-21419\nhttps://access.redhat.com/security/cve/CVE-2021-21623\nhttps://access.redhat.com/security/cve/CVE-2021-21639\nhttps://access.redhat.com/security/cve/CVE-2021-21640\nhttps://access.redhat.com/security/cve/CVE-2021-21648\nhttps://access.redhat.com/security/cve/CVE-2021-22133\nhttps://access.redhat.com/security/cve/CVE-2021-23337\nhttps://access.redhat.com/security/cve/CVE-2021-23362\nhttps://access.redhat.com/security/cve/CVE-2021-23368\nhttps://access.redhat.com/security/cve/CVE-2021-23382\nhttps://access.redhat.com/security/cve/CVE-2021-25735\nhttps://access.redhat.com/security/cve/CVE-2021-25737\nhttps://access.redhat.com/security/cve/CVE-2021-26539\nhttps://access.redhat.com/security/cve/CVE-2021-26540\nhttps://access.redhat.com/security/cve/CVE-2021-27292\nhttps://access.redhat.com/security/cve/CVE-2021-28092\nhttps://access.redhat.com/security/cve/CVE-2021-29059\nhttps://access.redhat.com/security/cve/CVE-2021-29622\nhttps://access.redhat.com/security/cve/CVE-2021-32399\nhttps://access.redhat.com/security/cve/CVE-2021-33034\nhttps://access.redhat.com/security/cve/CVE-2021-33194\nhttps://access.redhat.com/security/cve/CVE-2021-33909\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYQCOF9zjgjWX9erEAQjsEg/+NSFQdRcZpqA34LWRtxn+01y2MO0WLroQ\nd4o+3h0ECKYNRFKJe6n7z8MdmPpvV2uNYN0oIwidTESKHkFTReQ6ZolcV/sh7A26\nZ7E+hhpTTObxAL7Xx8nvI7PNffw3CIOZSpnKws5TdrwuMkH5hnBSSZntP5obp9Vs\nImewWWl7CNQtFewtXbcmUojNzIvU1mujES2DTy2ffypLoOW6kYdJzyWubigIoR6h\ngep9HKf1X4oGPuDNF5trSdxKwi6W68+VsOA25qvcNZMFyeTFhZqowot/Jh1HUHD8\nTWVpDPA83uuExi/c8tE8u7VZgakWkRWcJUsIw68VJVOYGvpP6K/MjTpSuP2itgUX\nX//1RGQM7g6sYTCSwTOIrMAPbYH0IMbGDjcS4fSZcfg6c+WJnEpZ72ZgjHZV8mxb\n1BtQSs2lil48/cwDKM0yMO2nYsKiz4DCCx2W5izP0rLwNA8Hvqh9qlFgkxJWWOvA\nmtBCelB0E74qrE4NXbX+MIF7+ZQKjd1evE91/VWNs0FLR/xXdP3C5ORLU3Fag0G/\n0oTV73NdxP7IXVAdsECwU2AqS9ne1y01zJKtd7hq7H/wtkbasqCNq5J7HikJlLe6\ndpKh5ZRQzYhGeQvho9WQfz/jd4HZZTcB6wxrWubbd05bYt/i/0gau90LpuFEuSDx\n+bLvJlpGiMg=\n=NJcM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Linux kernel vulnerabilities\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary\n\nSeveral security issues were fixed in the kernel. An attacker in a guest VM could use\nthis to write to portions of the host\u2019s physical memory. (CVE-2021-3653)\n\nMaxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor\nimplementation for AMD processors in the Linux kernel allowed a guest VM\nto disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker\nin a guest VM could use this to read or write portions of the host\u2019s\nphysical memory. (CVE-2021-3656)\n\nAndy Nguyen discovered that the netfilter subsystem in the Linux kernel\ncontained an out-of-bounds write in its setsockopt() implementation. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2021-22555)\n\nIt was discovered that the virtual file system implementation in the\nLinux kernel contained an unsigned to signed integer conversion error. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or execute arbitrary code. (CVE-2021-33909)\n\nUpdate instructions\n\nThe problem can be corrected by updating your kernel livepatch to the\nfollowing versions:\n\nUbuntu 20.04 LTS\n gcp - 81.1\n generic - 81.1\n gke - 81.1\n gkeop - 81.1\n lowlatency - 81.1\n\nUbuntu 18.04 LTS\n generic - 81.1\n gke - 81.1\n gkeop - 81.1\n lowlatency - 81.1\n oem - 81.1\n\nUbuntu 16.04 ESM\n generic - 81.1\n lowlatency - 81.1\n\nUbuntu 14.04 ESM\n generic - 81.1\n lowlatency - 81.1\n\nSupport Information\n\nKernels older than the levels listed below do not receive livepatch\nupdates. If you are running a kernel version earlier than the one listed\nbelow, please upgrade your kernel as soon as possible. \n\nUbuntu 20.04 LTS\n linux-aws - 5.4.0-1009\n linux-azure - 5.4.0-1010\n linux-gcp - 5.4.0-1009\n linux-gke - 5.4.0-1033\n linux-gkeop - 5.4.0-1009\n linux-oem - 5.4.0-26\n linux - 5.4.0-26\n\nUbuntu 18.04 LTS\n linux-aws - 4.15.0-1054\n linux-gke-4.15 - 4.15.0-1076\n linux-gke-5.4 - 5.4.0-1009\n linux-gkeop-5.4 - 5.4.0-1007\n linux-hwe-5.4 - 5.4.0-26\n linux-oem - 4.15.0-1063\n linux - 4.15.0-69\n\nUbuntu 16.04 ESM\n linux-aws - 4.4.0-1098\n linux-azure - 4.15.0-1063\n linux-azure - 4.15.0-1078\n linux-hwe - 4.15.0-69\n linux - 4.4.0-168\n linux - 4.4.0-211\n\nUbuntu 14.04 ESM\n linux-lts-xenial - 4.4.0-168\n\nReferences\n\n- CVE-2021-3653\n- CVE-2021-3656\n- CVE-2021-22555\n- CVE-2021-33909\n\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33909"
},
{
"db": "VULMON",
"id": "CVE-2021-33909"
},
{
"db": "PACKETSTORM",
"id": "163590"
},
{
"db": "PACKETSTORM",
"id": "163595"
},
{
"db": "PACKETSTORM",
"id": "163601"
},
{
"db": "PACKETSTORM",
"id": "163606"
},
{
"db": "PACKETSTORM",
"id": "163608"
},
{
"db": "PACKETSTORM",
"id": "163619"
},
{
"db": "PACKETSTORM",
"id": "163568"
},
{
"db": "PACKETSTORM",
"id": "163682"
},
{
"db": "PACKETSTORM",
"id": "163690"
},
{
"db": "PACKETSTORM",
"id": "164155"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33909",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "164155",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "163671",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "163621",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "165477",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/07/22/7",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/17/4",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/21/1",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/08/25/10",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/17/2",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/07/20/1",
"trust": 1.0
},
{
"db": "VULMON",
"id": "CVE-2021-33909",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163590",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163595",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163601",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163606",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163608",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163682",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163690",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33909"
},
{
"db": "PACKETSTORM",
"id": "163590"
},
{
"db": "PACKETSTORM",
"id": "163595"
},
{
"db": "PACKETSTORM",
"id": "163601"
},
{
"db": "PACKETSTORM",
"id": "163606"
},
{
"db": "PACKETSTORM",
"id": "163608"
},
{
"db": "PACKETSTORM",
"id": "163619"
},
{
"db": "PACKETSTORM",
"id": "163568"
},
{
"db": "PACKETSTORM",
"id": "163682"
},
{
"db": "PACKETSTORM",
"id": "163690"
},
{
"db": "PACKETSTORM",
"id": "164155"
},
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"id": "VAR-202107-1361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21111111
},
"last_update_date": "2024-07-23T19:28:07.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Amazon Linux AMI: ALAS-2021-1524",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1524"
},
{
"title": "Debian Security Advisories: DSA-4941-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=fb9b5f5cc430f484f4420a11b7b87136"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-055",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2livepatch-2021-055"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.10-2022-003",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2kernel-5.10-2022-003"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1691",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1691"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-057",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2livepatch-2021-057"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-056",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2livepatch-2021-056"
},
{
"title": "Arch Linux Advisories: [ASA-202107-48] linux: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-48"
},
{
"title": "Arch Linux Advisories: [ASA-202107-50] linux-hardened: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-50"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2kernel-5.4-2022-005"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-058",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2livepatch-2021-058"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-059",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2livepatch-2021-059"
},
{
"title": "Arch Linux Advisories: [ASA-202107-49] linux-zen: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-49"
},
{
"title": "Arch Linux Advisories: [ASA-202107-51] linux-lts: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-51"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-33909 log"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "LinuxVulnerabilities",
"trust": 0.1,
"url": "https://github.com/gitezri/linuxvulnerabilities "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-33909 "
},
{
"title": "CVE-2021-33909",
"trust": 0.1,
"url": "https://github.com/amiahuman/cve-2021-33909 "
},
{
"title": "CVE-2021-33909",
"trust": 0.1,
"url": "https://github.com/liang2580/cve-2021-33909 "
},
{
"title": "cve-2021-33909",
"trust": 0.1,
"url": "https://github.com/baerwolf/cve-2021-33909 "
},
{
"title": "CVE-2021-33909",
"trust": 0.1,
"url": "https://github.com/bbinfosec43/cve-2021-33909 "
},
{
"title": "deep-directory",
"trust": 0.1,
"url": "https://github.com/sfowl/deep-directory "
},
{
"title": "integer_compilation_flags",
"trust": 0.1,
"url": "https://github.com/mdulin2/integer_compilation_flags "
},
{
"title": "CVE-2021-33909",
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-33909 "
},
{
"title": "CVE-2021-33909",
"trust": 0.1,
"url": "https://github.com/christhecoolhut/cve-2021-33909 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/knewbury01/codeql-workshop-integer-conversion "
},
{
"title": "kickstart-rhel8",
"trust": 0.1,
"url": "https://github.com/alexhaydock/kickstart-rhel8 "
},
{
"title": "exploit_articles",
"trust": 0.1,
"url": "https://github.com/chokyuwon/exploit_articles "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hardenedvault/ved "
},
{
"title": "SVG-advisories",
"trust": 0.1,
"url": "https://github.com/egi-federation/svg-advisories "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/makoto56/penetration-suite-toolkit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/163621/sequoia-a-deep-root-in-linuxs-filesystem-layer.html"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/163671/kernel-live-patch-security-notice-lsn-0079-1.html"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/164155/kernel-live-patch-security-notice-lsn-0081-1.html"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/165477/kernel-live-patch-security-notice-lsn-0083-1.html"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/07/22/7"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/08/25/10"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
},
{
"trust": 1.0,
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/changelog-5.13.4"
},
{
"trust": 1.0,
"url": "https://github.com/torvalds/linux/commit/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00014.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00015.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00016.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z4uhhigiso3fvrf4cqnjs4ika25atsfu/"
},
{
"trust": 1.0,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20210819-0004/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2021/dsa-4941"
},
{
"trust": 1.0,
"url": "https://www.openwall.com/lists/oss-security/2021/07/20/1"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33909"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-006"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-33034"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2723"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5014-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.11.0-1014.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.11.0-1012.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.11.0-25.27"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.11.0-1015.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1012.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1045.48"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1042.44"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.11.0-1013.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-76.72"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.11.0-1014.15"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2731"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2734"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2763"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15112"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25737"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15106"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29059"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2438"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2437"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29622"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15113"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "163590"
},
{
"db": "PACKETSTORM",
"id": "163595"
},
{
"db": "PACKETSTORM",
"id": "163601"
},
{
"db": "PACKETSTORM",
"id": "163606"
},
{
"db": "PACKETSTORM",
"id": "163608"
},
{
"db": "PACKETSTORM",
"id": "163619"
},
{
"db": "PACKETSTORM",
"id": "163568"
},
{
"db": "PACKETSTORM",
"id": "163682"
},
{
"db": "PACKETSTORM",
"id": "163690"
},
{
"db": "PACKETSTORM",
"id": "164155"
},
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-33909"
},
{
"db": "PACKETSTORM",
"id": "163590"
},
{
"db": "PACKETSTORM",
"id": "163595"
},
{
"db": "PACKETSTORM",
"id": "163601"
},
{
"db": "PACKETSTORM",
"id": "163606"
},
{
"db": "PACKETSTORM",
"id": "163608"
},
{
"db": "PACKETSTORM",
"id": "163619"
},
{
"db": "PACKETSTORM",
"id": "163568"
},
{
"db": "PACKETSTORM",
"id": "163682"
},
{
"db": "PACKETSTORM",
"id": "163690"
},
{
"db": "PACKETSTORM",
"id": "164155"
},
{
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33909"
},
{
"date": "2021-07-21T16:03:37",
"db": "PACKETSTORM",
"id": "163590"
},
{
"date": "2021-07-21T16:04:17",
"db": "PACKETSTORM",
"id": "163595"
},
{
"date": "2021-07-21T16:04:59",
"db": "PACKETSTORM",
"id": "163601"
},
{
"date": "2021-07-21T16:05:35",
"db": "PACKETSTORM",
"id": "163606"
},
{
"date": "2021-07-21T16:06:02",
"db": "PACKETSTORM",
"id": "163608"
},
{
"date": "2021-07-21T16:07:24",
"db": "PACKETSTORM",
"id": "163619"
},
{
"date": "2021-07-20T20:34:00",
"db": "PACKETSTORM",
"id": "163568"
},
{
"date": "2021-07-27T14:47:55",
"db": "PACKETSTORM",
"id": "163682"
},
{
"date": "2021-07-28T14:53:49",
"db": "PACKETSTORM",
"id": "163690"
},
{
"date": "2021-09-14T16:28:49",
"db": "PACKETSTORM",
"id": "164155"
},
{
"date": "2021-07-20T19:15:09.747000",
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33909"
},
{
"date": "2023-11-07T03:35:56.050000",
"db": "NVD",
"id": "CVE-2021-33909"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "163595"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2723-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "163590"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "163595"
}
],
"trust": 0.1
}
}
VAR-202012-1278
Vulnerability from variot - Updated: 2024-07-23 19:24curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl's FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Description:
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
-
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
-
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):
1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary:
Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
- NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)
-
Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
-
Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)
-
Previously, the PVCs could not be provisioned as the
rook-ceph-mdsdid not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument--public-addr=podIPis added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) -
Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the
mds_cache_memory_limitargument during upgrades. With this update, themds_cache_memory_limitargument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) -
Previously, the coredumps were not generated in the correct location as rook was setting the config option
log_fileto an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of thelog_fileto build the dump path. With this update, rook does not set thelog_fileand keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under/var/log/ceph/. (BZ#1938049) -
Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)
-
Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983)
All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
- References:
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
- See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Security:
-
fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)
-
fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)
-
nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
-
redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)
-
redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)
-
nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing
-
-u- extension (CVE-2020-28851)
-
golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)
-
nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)
-
oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)
-
redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
nodejs-lodash: command injection via template (CVE-2021-23337)
-
nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
-
openssl: integer overflow in CipherUpdate (CVE-2021-23840)
-
openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
-
nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
-
grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)
-
nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
-
nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
-
ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
-
normalize-url: ReDoS for data URLs (CVE-2021-33502)
-
nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
-
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
-
html-parse-stringify: Regular Expression DoS (CVE-2021-23346)
-
openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.
Bugs:
-
RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)
-
cluster became offline after apiserver health check (BZ# 1942589)
-
Bugs fixed (https://bugzilla.redhat.com/):
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-04-26-2 macOS Big Sur 11.3
macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325.
APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza
Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab
Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher
Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher
CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest
CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University
CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher
curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx
DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher
FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360
Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga
Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro
Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr
Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr
Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett
libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins
libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz
Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing
Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd
NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome
Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago
Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS
SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications
smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)
System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher
tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher
Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher
WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing
Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.74.0"
},
{
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.0"
},
{
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3110"
},
{
"model": "hci bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2410"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.74.0",
"versionStartIncluding": "7.21.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.3",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
}
],
"trust": 0.7
},
"cve": "CVE-2020-8285",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-186410",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8285",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8285",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186410",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8285",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186410"
},
{
"db": "VULMON",
"id": "CVE-2020-8285"
},
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl\u0027s FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there\u0027s a sufficient amount of file entries and if the callback returns \"skip\" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update\nAdvisory ID: RHSA-2021:2479-01\nProduct: Red Hat OpenShift Container Storage\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2479\nIssue date: 2021-06-17\nCVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708\n CVE-2019-3842 CVE-2019-9169 CVE-2019-13012\n CVE-2019-14866 CVE-2019-25013 CVE-2020-8231\n CVE-2020-8284 CVE-2020-8285 CVE-2020-8286\n CVE-2020-8927 CVE-2020-9948 CVE-2020-9951\n CVE-2020-9983 CVE-2020-13434 CVE-2020-13543\n CVE-2020-13584 CVE-2020-13776 CVE-2020-15358\n CVE-2020-24977 CVE-2020-25659 CVE-2020-25678\n CVE-2020-26116 CVE-2020-26137 CVE-2020-27618\n CVE-2020-27619 CVE-2020-27783 CVE-2020-28196\n CVE-2020-29361 CVE-2020-29362 CVE-2020-29363\n CVE-2020-36242 CVE-2021-3139 CVE-2021-3177\n CVE-2021-3326 CVE-2021-3449 CVE-2021-3450\n CVE-2021-3528 CVE-2021-20305 CVE-2021-23239\n CVE-2021-23240 CVE-2021-23336\n====================================================================\n1. Summary:\n\nUpdated images that fix one security issue and several bugs are now\navailable for Red Hat OpenShift Container Storage 4.6.5 on Red Hat\nEnterprise Linux 8 from Red Hat Container Registry. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Container Storage is a highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. (BZ#1959983)\n\nAll users of Red Hat OpenShift Container Storage are advised to pull these\nnew images from the Red Hat Container Registry. \n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25678\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2021-3139\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3528\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-23239\nhttps://access.redhat.com/security/cve/CVE-2021-23240\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND\nQ1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo\nFKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS\nv59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF\nHXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd\n6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN\nkAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC\nL+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG\nsIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz\nV144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO\nAQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT\nRCrstqAM5QQ=DHD0\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data\n(CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets\n(CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing\n- -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported\nbulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via\nshortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n(CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to\ntrigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer\nwith invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n(CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n(CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section. \n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ#\n1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1913444 - RFE Make the source code for the endpoint-metrics-operator public\n1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull\n1927520 - RHACM 2.3.0 images\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application\n1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header\n1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call\n1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n1942589 - cluster became offline after apiserver health check\n1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()\n1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe\n1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command\n1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method\n1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions\n1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id\n1983131 - Defragmenting an etcd member doesn\u0027t reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-2 macOS Big Sur 11.3\n\nmacOS Big Sur 11.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212325. \n\nAPFS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1853: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-1849: Siguza\n\nApple Neural Engine\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(\u5434\u6f4d\u6d60) of Ant Group\nTianqiong Security Lab\n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30659: Thijs Alkemade of Computest\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Big Sur\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\ncurl\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\nDiskArbitration\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFaceTime\nAvailable for: macOS Big Sur\nImpact: Muting a CallKit call while ringing may not result in mute\nbeing enabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1872: Siraj Zaneer of Facebook\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security\nLight-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi\n(@hjy79425575) of Qihoo 360\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A race condition was addressed with improved locking. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30653: Ye Zhang of Baidu Security\nCVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin \u0026 Qi Sun of\nTrend Micro, and Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1843: Ye Zhang of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1885: CFF of Topsec Alpha Team\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1858: Mickey Jin of Trend Micro\n\nInstaller\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2021-30658: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1841: Jack Dates of RET2 Systems, Inc. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Copied files may not have the expected file permissions\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1832: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30660: Alex Plaskett\n\nlibxpc\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNotes\nAvailable for: macOS Big Sur\nImpact: Locked Notes content may have been unexpectedly unlocked\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd\n\nNSRemoteView\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to track users by setting\nstate in a cache\nDescription: An issue existed in determining cache occupancy. The\nissue was addressed through improved logic. \nCVE-2021-1861: Konstantinos Solomos of University of Illinois at\nChicago\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to force unnecessary network\nconnections to fetch its favicon\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1855: H\u00e5vard Mikkelsen Ottestad of HASMAC AS\n\nSampleAnalysis\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nSystem Preferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30657: an anonymous researcher\n\ntcpdump\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1817: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-1826: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1820: an anonymous researcher\n\nWebKit Storage\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30661: yangkang(@dnpushme) of 360 ATA\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-7463: Megan2013678\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1829: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30655: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications and Wojciech\nRegu\u0142a (@_r3ggi) of SecuRing\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6\njjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne\nsrCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/\ncMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn\nQCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv\nfE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA\nECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko\nT2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE\n/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY\nt3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS\nv4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1\n0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=\n=9+Ju\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8285"
},
{
"db": "VULHUB",
"id": "VHN-186410"
},
{
"db": "VULMON",
"id": "CVE-2020-8285"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162358"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-186410",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186410"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8285",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "HACKERONE",
"id": "1045844",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162358",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162362",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160436",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162360",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162629",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186410",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163747",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186410"
},
{
"db": "VULMON",
"id": "CVE-2020-8285"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"id": "VAR-202012-1278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186410"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:24:45.715000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8285: FTP wildcard stack overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f796e96235f578fd40fb69123bab0e97"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-8285 log"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1693",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1693"
},
{
"title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8285"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186410"
},
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212326"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212327"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/apr/51"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"trust": 1.1,
"url": "https://curl.se/docs/cve-2020-8285.html"
},
{
"trust": 1.1,
"url": "https://github.com/curl/curl/issues/6255"
},
{
"trust": 1.1,
"url": "https://hackerone.com/reports/1045844"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14360"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14345"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14344"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2472"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14356"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27786"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0431"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35508"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15437"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29477"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7463"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1832"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212325."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186410"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186410"
},
{
"db": "VULMON",
"id": "CVE-2020-8285"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-186410"
},
{
"date": "2020-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8285"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-06-17T18:09:26",
"db": "PACKETSTORM",
"id": "163197"
},
{
"date": "2021-06-17T18:34:10",
"db": "PACKETSTORM",
"id": "163209"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-06-01T14:45:29",
"db": "PACKETSTORM",
"id": "162877"
},
{
"date": "2021-08-11T16:15:17",
"db": "PACKETSTORM",
"id": "163789"
},
{
"date": "2021-08-06T14:02:37",
"db": "PACKETSTORM",
"id": "163747"
},
{
"date": "2021-04-28T14:55:56",
"db": "PACKETSTORM",
"id": "162358"
},
{
"date": "2020-12-14T20:15:13.983000",
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-186410"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8285"
},
{
"date": "2024-03-27T15:47:57.647000",
"db": "NVD",
"id": "CVE-2020-8285"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2461-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "163188"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution, xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "163747"
},
{
"db": "PACKETSTORM",
"id": "162358"
}
],
"trust": 0.2
}
}
VAR-201801-0826
Vulnerability from variot - Updated: 2024-07-23 19:20Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4 versions; Xeon E3-1265l v2, v3, v4 Version; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4188-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2018 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2017-5715
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using the "retpoline" compiler feature which allows
indirect branches to be isolated from speculative execution.
CVE-2017-5753
Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.
This specific attack has been named Spectre variant 1
(bounds-check bypass) and is mitigated by identifying vulnerable
code sections (array bounds checking followed by array access) and
replacing the array access with the speculation-safe
array_index_nospec() function.
More use sites will be added over time.
CVE-2017-17975
Tuba Yavuz reported a use-after-free flaw in the USBTV007
audio-video grabber driver. A local user could use this for denial
of service by triggering failure of audio registration.
CVE-2017-18193
Yunlei He reported that the f2fs implementation does not properly
handle extent trees, allowing a local user to cause a denial of
service via an application with multiple threads.
CVE-2017-18216
Alex Chen reported that the OCFS2 filesystem failed to hold a
necessary lock during nodemanager sysfs file operations,
potentially leading to a null pointer dereference. A local user
could use this for denial of service.
CVE-2017-18218
Jun He reported a user-after-free flaw in the Hisilicon HNS ethernet
driver. A local user could use this for denial of service.
CVE-2017-18222
It was reported that the Hisilicon Network Subsystem (HNS) driver
implementation does not properly handle ethtool private flags. A
local user could use this for denial of service or possibly have
other impact.
CVE-2017-18224
Alex Chen reported that the OCFS2 filesystem omits the use of a
semaphore and consequently has a race condition for access to the
extent tree during read operations in DIRECT mode. A local user
could use this for denial of service.
CVE-2017-18241
Yunlei He reported that the f2fs implementation does not properly
initialise its state if the "noflush_merge" mount option is used.
A local user with access to a filesystem mounted with this option
could use this to cause a denial of service.
CVE-2017-18257
It was reported that the f2fs implementation is prone to an infinite
loop caused by an integer overflow in the __get_data_block()
function. A local user can use this for denial of service via
crafted use of the open and fallocate system calls with an
FS_IOC_FIEMAP ioctl.
CVE-2018-1065
The syzkaller tool found a NULL pointer dereference flaw in the
netfilter subsystem when handling certain malformed iptables
rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN
capability (in any user namespace) could use this to cause a denial
of service. Debian disables unprivileged user namespaces by default.
CVE-2018-1066
Dan Aloni reported to Red Hat that the CIFS client implementation
would dereference a null pointer if the server sent an invalid
response during NTLMSSP setup negotiation. This could be used
by a malicious server for denial of service.
CVE-2018-1068
The syzkaller tool found that the 32-bit compatibility layer of
ebtables did not sufficiently validate offset values. On a 64-bit
kernel, a local user with the CAP_NET_ADMIN capability (in any user
namespace) could use this to overwrite kernel memory, possibly
leading to privilege escalation. Debian disables unprivileged user
namespaces by default.
CVE-2018-1092
Wen Xu reported that a crafted ext4 filesystem image would
trigger a null dereference when mounted. A local user able
to mount arbitrary filesystems could use this for denial of
service.
CVE-2018-1093
Wen Xu reported that a crafted ext4 filesystem image could trigger
an out-of-bounds read in the ext4_valid_block_bitmap() function. A
local user able to mount arbitrary filesystems could use this for
denial of service.
CVE-2018-1108
Jann Horn reported that crng_ready() does not properly handle the
crng_init variable states and the RNG could be treated as
cryptographically safe too early after system boot.
CVE-2018-5803
Alexey Kodanev reported that the SCTP protocol did not range-check
the length of chunks to be created. A local or remote user could
use this to cause a denial of service.
CVE-2018-7480
Hou Tao discovered a double-free flaw in the blkcg_init_queue()
function in block/blk-cgroup.c. A local user could use this to cause
a denial of service or have other impact.
CVE-2018-7566
Fan LongFei reported a race condition in the ALSA (sound)
sequencer core, between write and ioctl operations. This could
lead to an out-of-bounds access or use-after-free. A local user
with access to a sequencer device could use this for denial of
service or possibly for privilege escalation.
CVE-2018-7740
Nic Losby reported that the hugetlbfs filesystem's mmap operation
did not properly range-check the file offset. A local user with
access to files on a hugetlbfs filesystem could use this to cause
a denial of service.
CVE-2018-7757
Jason Yan reported a memory leak in the SAS (Serial-Attached
SCSI) subsystem. A local user on a system with SAS devices
could use this to cause a denial of service.
CVE-2018-7995
Seunghun Han reported a race condition in the x86 MCE
(Machine Check Exception) driver. This is unlikely to have
any security impact.
CVE-2018-8087
A memory leak flaw was found in the hwsim_new_radio_nl() function in
the simulated radio testing tool driver for mac80211, allowing a
local user to cause a denial of service.
CVE-2018-8781
Eyal Itkin reported that the udl (DisplayLink) driver's mmap
operation did not properly range-check the file offset. A local
user with access to a udl framebuffer device could exploit this to
overwrite kernel memory, leading to privilege escalation.
CVE-2018-8822
Dr Silvio Cesare of InfoSect reported that the ncpfs client
implementation did not validate reply lengths from the server. An
ncpfs server could use this to cause a denial of service or
remote code execution in the client.
CVE-2018-10323
Wen Xu reported a NULL pointer dereference flaw in the
xfs_bmapi_write() function triggered when mounting and operating a
crafted xfs filesystem image. A local user able to mount arbitrary
filesystems could use this for denial of service.
CVE-2018-1000199
Andy Lutomirski discovered that the ptrace subsystem did not
sufficiently validate hardware breakpoint settings. Local users
can use this to cause a denial of service, or possibly for
privilege escalation, on x86 (amd64 and i386) and possibly other
architectures.
For the stable distribution (stretch), these problems have been fixed in version 4.9.88-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron7dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Se0xAAmR31jrqeEkJhgh7qvKplrko9N27l7FCCrrqsR0cBjKtIpwBkIdm6UxP2 8HBxqK5oy3sUP/ViHBtTUqFlRbLq4fC2DsuJGGqtBk46yML4QOEV2CXA1gyhfSzG ux5Z5nNkLDbzD7jPazbTwMusbQrDItojj6K5aoDVoRjjOpRHRViHv81kRU3KJytX 62f/vnEjxX0xkSOqLKXcUNDczLjcP2VxuKFb3si6w7YyCXq6XYhvoDch92QLJZfD qtDUCKs1sEgWLzhktcYyhck3NGujSfLZuSLGnZowqGqaAvx/lq0sTOliKuPpnG+I HztPR0iYQCuzsDgHbLlwGyuUnf446VRG+u/AP69qk0HqyWwCXqsTJ0rwMX04fXtR 7dR8Y1jbbXaH0+ai9V6c3zdz4UKH5rZOkpIIYSjCxVHUpE2cU4lFXYiWL/qJRBGV 150TtSgyAPBBBJa6cWgApXrHgriGEkZNscH2nmJfg2OBnDwnLJ4CvwNfij7daR8n RlGOlvgKYCI1Ob54kKqvvxQhDrhTiBhti8T64wd2MzsrKLIRdlyTpSrsqK8VIJyg ux1Y01sgA3JqS2XKL52ZTgCJhGkoX68+/se73P+jeRBP/tbNcXB2t2cE6gxIkiTX eZEUmnS5IeoEcr7cYKm3M9GZvBBrVeTaFra3vSgeGDUr0XL2Yu4= =uZGQ -----END PGP SIGNATURE----- . 7) - noarch
- Description:
The linux-firmware packages contain all of the firmware files that are required by various devices to operate. (CVE-2017-5715)
Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation. Summary:
An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL 7-based RHEV-H ELS - noarch RHEV Hypervisor for RHEL-6 ELS - noarch
- Description:
The rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Security Fix(es):
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.
Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.
Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)
Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)
Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
Red Hat would like to thank Google Project Zero for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
- Package List:
RHEV Hypervisor for RHEL-6 ELS:
Source: rhev-hypervisor7-7.3-20180102.1.el6ev.src.rpm
noarch: rhev-hypervisor7-7.3-20180102.1.el6ev.noarch.rpm
RHEL 7-based RHEV-H ELS:
Source: rhev-hypervisor7-7.3-20180102.1.el7ev.src.rpm
noarch: rhev-hypervisor7-7.3-20180102.1.el7ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/solutions/3307851 https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5754
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFaT54tXlSAg2UNWIIRAtmzAKCwalCzxETPR1hjx8qr6otIzzp23ACgnSyn faS+MjiDEGEcbe5k+tWw9I8= =V9iL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
The FreeBSD Security Team was notified of the issue in late December and received a briefing under NDA with the original embargo date of January 9th. Since we received relatively late notice of the issue, our ability to provide fixes is delayed.
Meltdown (CVE-2017-5754) ~~~~~~~~~~~~~~~~~~~~~~~~ In terms of priority, the first step is to mitigate against the Meltdown attack (CVE-2017-5754, cited as variant 3 by Project Zero). Work for this is ongoing, but due to the relatively large changes needed, this is going to take a little while. We are currently targeting patches for amd64 being dev complete this week with testing probably running into next week. From there, we hope to give it a short bake time before pushing it into the 11.1-RELEASE branch. Additional work will be required to bring the mitigation to 10.3-RELEASE and 10.4-RELEASE.
The code will be selectable via a tunable which will automatically turn on for modern Intel processors and off for AMD processors (since they are reportedly not vulnerable). Since the fix for Meltdown does incur a performance hit for any transition between user space and kernel space, this could be rather impactful depending on the workload. As such, the tunable can also be overridden by the end-user if they are willing to accept the risk.
Initial work can be tracked at https://reviews.freebsd.org/D13797. Please note this is a work in progress and some stuff is likely to be broken.
Spectre (CVE-2017-5753 and CVE-2017-5715) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ When it comes to the Spectre vulnerabilities, it is much harder to sort these out. Variant 1 (CVE-2017-5753) is going to require some static analysis to determine vulnerable use cases that will require barriers to stop speculation from disclosing information it shouldn't. While we haven't done the analysis to determine where we are vulnerable, the number of cases here are supposed to be pretty small. Apparently there have been some Coverity rules developed to help look for these, but we are still evaluating what can be done here.
The other half of Spectre, variant 2 (CVE-2017-5715) is a bit trickier as it affects both normal processes and bhyve. There is a proposed patch for LLVM (https://reviews.llvm.org/D41723) that introduces a concept called 'retpoline' which mitigates this issue. We are likely to pull this into HEAD and 11-STABLE once it hits the LLVM tree. Unfortunately, the currently supported FreeBSD releases are using older versions of LLVM for which we are not sure the LLVM project will produce patches. We will be looking at the feasibility to backport these patches to these earlier versions.
Best regards, Gordon Tetlow with security-officer hat on . ========================================================================== Ubuntu Security Notice USN-3540-2 January 23, 2018
linux-lts-xenial, linux-aws vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were addressed in the Linux kernel.
Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. (CVE-2017-5715, CVE-2017-5753)
USN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. This flaw is known as Meltdown. (CVE-2017-5754)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-4.4.0-1011-aws 4.4.0-1011.11 linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1 linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1 linux-image-aws 4.4.0.1011.11 linux-image-generic-lts-xenial 4.4.0.111.95 linux-image-lowlatency-lts-xenial 4.4.0.111.95 linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95 linux-image-powerpc-smp-lts-xenial 4.4.0.111.95 linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95 linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95
Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. 7) - x86_64
- The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Once all virtual machines have shut down, start them again for this update to take effect.
Bug Fix(es):
-
Hot-unplugging Virtual Function I/O (VFIO) devices previously failed when performed after hot-unplugging a vhost network device. This update fixes the underlying code, and the VFIO device is unplugged correctly in the described circumstances. (BZ#1498146)
-
This specific attack has been named Meltdown and is addressed in the Linux kernel on the powerpc/ppc64el architectures by flushing the L1 data cache on exit from kernel mode to user mode (or from hypervisor to kernel).
This works on Power7, Power8 and Power9 processors. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing .
CVE-2018-5750
An information leak has been found in the Linux kernel. The
acpi_smbus_hc_add() prints a kernel address in the kernel log at every
boot, which could be used by an attacker on the system to defeat kernel
ASLR.
Additionnaly to those vulnerability, some mitigations for CVE-2017-5753 are included in this release.
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-01-23 Last Updated: 2018-01-22
Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE.
Note:
- This issue takes advantage of techniques commonly used in many modern processor architectures.
-
For further information, microprocessor vendors have provided security advisories:
References:
- CVE-2017-5715 - aka Spectre, branch target injection
- CVE-2017-5753 - aka Spectre, bounds check bypass
- CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE ProLiant DL380 Gen10 Server - To be delivered
- HPE ProLiant DL180 Gen10 Server - To be delivered
- HPE ProLiant DL160 Gen10 Server - To be delivered
- HPE ProLiant DL360 Gen10 Server - To be delivered
- HPE ProLiant ML110 Gen10 Server - To be delivered
- HPE ProLiant DL580 Gen10 Server - To be delivered
- HPE ProLiant DL560 Gen10 Server - To be delivered
- HPE ProLiant DL120 Gen10 Server - To be delivered
- HPE ProLiant ML350 Gen10 Server - To be delivered
- HPE ProLiant XL450 Gen10 Server - To be delivered
- HPE Synergy 660 Gen10 Compute Module - To be delivered
- HPE ProLiant DL385 Gen10 Server - prior to v1.04
- HPE ProLiant XL170r Gen10 Server - To be delivered
- HPE ProLiant BL460c Gen10 Server Blade - To be delivered
- HPE ProLiant XL190r Gen10 Server - To be delivered
- HPE ProLiant XL230k Gen10 Server - To be delivered
- HPE Synergy 480 Gen10 Compute Module - To be delivered
- HPE ProLiant XL730f Gen9 Server - To be delivered
- HPE ProLiant XL230a Gen9 Server - To be delivered
- HPE ProLiant XL740f Gen9 Server - To be delivered
- HPE ProLiant XL750f Gen9 Server - To be delivered
- HPE ProLiant XL170r Gen9 Server - To be delivered
- HP ProLiant DL60 Gen9 Server - To be delivered
- HP ProLiant DL160 Gen9 Server - To be delivered
- HPE ProLiant DL360 Gen9 Server - To be delivered
- HP ProLiant DL380 Gen9 Server - To be delivered
- HPE ProLiant XL450 Gen9 Server - To be delivered
- HPE Apollo 4200 Gen9 Server - To be delivered
- HP ProLiant BL460c Gen9 Server Blade - To be delivered
- HP ProLiant ML110 Gen9 Server - To be delivered
- HP ProLiant ML150 Gen9 Server - To be delivered
- HPE ProLiant ML350 Gen9 Server - To be delivered
- HP ProLiant DL120 Gen9 Server - To be delivered
- HPE ProLiant DL560 Gen9 Server - To be delivered
- HP ProLiant BL660c Gen9 Server - To be delivered
- HPE ProLiant ML30 Gen9 Server - To be delivered
- HPE ProLiant XL170r Gen10 Server - To be delivered
- HPE ProLiant DL20 Gen9 Server - To be delivered
- HPE Synergy 660 Gen9 Compute Module - To be delivered
- HPE Synergy 480 Gen9 Compute Module - To be delivered
- HPE ProLiant XL250a Gen9 Server - To be delivered
- HPE ProLiant XL190r Gen9 Server - To be delivered
- HP ProLiant DL80 Gen9 Server - To be delivered
- HPE ProLiant DL180 Gen9 Server - To be delivered
- HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server - To be delivered
- HPE ProLiant WS460c Gen9 Workstation - To be delivered
- HPE ProLiant XL260a Gen9 Server - To be delivered
- HPE Synergy 620 Gen9 Compute Module - To be delivered
- HPE ProLiant DL580 Gen9 Server - To be delivered
- HP ProLiant XL220a Gen8 v2 Server - To be delivered
- HPE Synergy 680 Gen9 Compute Module - To be delivered
- HPE ProLiant m510 Server Cartridge - To be delivered
- HPE ProLiant m710p Server Cartridge - To be delivered
- HPE ProLiant m710x Server Cartridge - To be delivered
- HP ProLiant m710 Server Cartridge - To be delivered
- HP ProLiant DL980 G7 Server - To be delivered
- HPE Synergy Composer - To be delivered
- HPE ProLiant Thin Micro TM200 Server - To be delivered
- HPE ProLiant ML10 v2 Server - To be delivered
- HPE ProLiant m350 Server Cartridge - To be delivered
- HPE ProLiant m300 Server Cartridge - To be delivered
- HPE ProLiant MicroServer Gen8 - To be delivered
- HPE ProLiant ML310e Gen8 v2 Server - To be delivered
- HPE Superdome Flex Server - To be delivered
- HP 3PAR StoreServ File Controller - To be delivered - v3 impacted
- HPE StoreVirtual 3000 File Controller - To be delivered
- HPE StoreEasy 1450 Storage - To be delivered
- HPE StoreEasy 1550 Storage - To be delivered
- HPE StoreEasy 1650 Storage - To be delivered
- HPE StoreEasy 3850 Gateway Storage - To be delivered
- HPE StoreEasy 1850 Storage - To be delivered
- HP ConvergedSystem 700 - To be delivered
- HPE Converged Architecture 700 - To be delivered
- HP ProLiant DL580 Gen8 Server - To be delivered
- HPE Cloudline CL2100 Gen10 Server - To be delivered
- HPE Cloudline CL2200 Gen10 Server - To be delivered
- HPE Cloudline CL3150 G4 Server - To be delivered
- HPE Cloudline CL5200 G3 Server - To be delivered
- HPE Cloudline CL3100 G3 Server - To be delivered
- HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be delivered
- HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be delivered
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5715
8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)
CVE-2017-5753
5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)
CVE-2017-5754
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
On January 11, Intel announced issues with an increased frequency of reboots when using the microcodes they released to address Variant 2 of the Spectre Vulnerability for numerous processors including Broadwell, Haswell, Skylake, Kaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified the root cause of these issues and determined that these microcodes may introduce reboots and other unpredictable system behavior. Due to the severity of the potential issues that may occur when using these microcodes, Intel is now recommending that customers discontinue their use. Additional information is available from Intels Security Exploit Newsroom here: https://newsroom.intel.com/press-kits/security-exploits-intel-products/ . HPE is in alignment with Intel in our recommendation that customers discontinue use of System ROMs including impacted microcodes and revert to earlier System ROM versions.
All System ROMs including impacted microcodes have been removed from the HPE Support Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2 servers as well as HPE Superdome servers for which updated System ROMs had previously been made available. Intel is working on updated microcodes to address these issues, and HPE will validate updated System ROMs including these microcodes and make them available to our customers in the coming weeks.
Mitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities require only OS updates and are not impacted.
-
HPE has provided a customer bulletin https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us with specific instructions to obtain the udpated sytem ROM
-
Note:
- CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a vendor supplied operating system update be applied as well.
- For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only updates of a vendor supplied operating system.
- HPE will continue to add additional products to the list.
HISTORY
Version:1 (rev.1) - 4 January 2018 Initial release
Version:2 (rev.2) - 5 January 2018 Added additional impacted products
Version:3 (rev.3) - 10 January 2018 Added more impacted products
Version:4 (rev.4) - 9 January 2018 Fixed product ID
Version:5 (rev.5) - 18 January 2018 Added additional impacted products
Version:6 (rev.6) - 19 January 2018 updated impacted product list
Version:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for System ROM updates per Intel's guidance on microcode issues
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Summary
VMware vSphere, Workstation and Fusion updates add Hypervisor- Assisted Guest remediation for speculative execution issue.
Notes:
Hypervisor remediation can be classified into the two following categories: - Hypervisor-Specific Remediation (documented in VMSA-2018-0002) - Hypervisor-Assisted Guest Remediation (documented in this advisory)
The ESXi patches and new versions of Workstation and Fusion of this advisory include the Hypervisor-Specific Remediation documented in VMware Security Advisory VMSA-2018-0002.
More information on the types of Hypervisor remediation may be found in VMware Knowledge Base article 52245. Relevant Products
VMware vCenter Server (VC) VMware ESXi (ESXi) VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion)
- Problem Description
New speculative-execution control mechanism for Virtual Machines
Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for Virtual Machines (VMs). As a result, a patched Guest Operating System (Guest OS) can remediate the Branch Target Injection issue (CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.
To remediate CVE-2017-5715 in the Guest OS the following VMware and third party requirements must be met:
VMware Requirements
-
Deploy the updated version of vCenter Server listed in the table (if vCenter Server is used).
-
Deploy the ESXi patches and/or the new versions for Workstation or Fusion listed in the table.
-
Ensure that your VMs are using Hardware Version 9 or higher. For best performance, Hardware Version 11 or higher is recommended. VMware Knowledge Base article 1010675 discusses Hardware Versions.
Third party Requirements
-
Deploy the Guest OS patches for CVE-2017-5715. These patches are to be obtained from your OS vendor.
-
Update the CPU microcode. Additional microcode is needed for your CPU to be able to expose the new MSRs that are used by the patched Guest OS. This microcode should be available from your hardware platform vendor. VMware is providing several versions of the required microcode from INTEL and AMD through ESXi patches listed in the table. See VMware Knowledge Base 52085 for more details.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Running Replace with/ Mitigation Product Version on Severity Apply patch Workaround =========== ======= ======= ======== ============= ==========
VC 6.5 Any Important 6.5 U1e * None VC 6.0 Any Important 6.0 U3d * None VC 5.5 Any Important 5.5 U3g * None
ESXi 6.5 Any Important ESXi650-201801401-BG None ESXi650-201801402-BG ** ESXi 6.0 Any Important ESXi600-201801401-BG None ESXi600-201801402-BG ** ESXi 5.5 Any Important ESXi550-201801401-BG ** None
Workstation 14.x Any Important 14.1.1 None Workstation 12.x Any Important patch planned None
Fusion 10.x OS X Important 10.1.1 None Fusion 8.x OS X Important 8.5.10 None
- The new versions of vCenter Server set restrictions on ESXi hosts joining an Enhanced vMotion Cluster, see VMware Knowledge Base article 52085 for details.
** These ESXi patches install the microcodes if present for your CPU, see VMware Knowledge Base article 52085. Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server 6.5 U1e Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=614&rPId=20950&downloadG roup=VC65U1E
vCenter Server 6.0 U3d Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC60U3D&productId=49 1&rPId=20946
vCenter Server 5.5 U3g Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC55U3G&productId=35 3&rPId=20876
VMware ESXi 6.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: http://kb.vmware.com/kb/52198 http://kb.vmware.com/kb/52199
VMware ESXi 6.0 Downloads: https://my.vmware.com/group/vmware/patch Documentation: http://kb.vmware.com/kb/52205 http://kb.vmware.com/kb/52206
VMware ESXi 5.5 Downloads: https://my.vmware.com/group/vmware/patch Documentation: http://kb.vmware.com/kb/52127
VMware Workstation Pro, Player 14.1.1 Downloads and Documentation: https://www.vmware.com/go/downloadworkstation https://www.vmware.com/go/downloadplayer https://www.vmware.com/support/pubs/ws_pubs.html
VMware Fusion Pro / Fusion 8.5.10, 10.1.1 Downloads and Documentation: https://www.vmware.com/go/downloadfusion https://www.vmware.com/support/pubs/fusion_pubs.html
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
VMware Knowledge Base Article 52085 https://kb.vmware.com/s/article/52085
VMware Knowledge Base Article 1010675 https://kb.vmware.com/s/article/1010675
VMware Knowledge Base article 52245 https://kb.vmware.com/s/article/52245
- Change log
2018-01-09 VMSA-2018-0004 Initial security advisory in conjunction with the release of VMware vCenter Server 5.5 U3g, 6.0 U3d and 6.5 U1e, ESXi 5.5, 6.0, and 6.5 patches, Workstation 14.1.1, and Fusion 10.1.1 and 8.5.10 on 2018-01-09. Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org
E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog https://blogs.vmware.com/security
Twitter https://twitter.com/VMwareSRC
Copyright 2018 VMware Inc. All rights reserved. 7.3) - ppc64, ppc64le, s390x, x86_64
- Description:
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0826",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5287u"
},
{
"model": "xeon e5 2470 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3450"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5540"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2655le"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v3"
},
{
"model": "xeon e3 1270 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6510"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2435m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "875k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5503"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6148"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4980hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360"
},
{
"model": "xeon e5 1660 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3850"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5687"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2617m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "ec5509"
},
{
"model": "xeon e3 1260l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "670"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4422e"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2718"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585l_v5"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3230m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5518"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4005"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3317u"
},
{
"model": "xeon e3 1226 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1241 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v4"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v5"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4900mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3612qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3380m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867l"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v3"
},
{
"model": "xeon e-1105c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4012y"
},
{
"model": "xeon e5 1650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670r"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7250"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4722hq"
},
{
"model": "xeon e3 1501m v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y30"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790t"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6154"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3220"
},
{
"model": "xeon e5 2448l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2312m"
},
{
"model": "xeon e3 1285l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v4"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8180"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300t"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3405"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3350"
},
{
"model": "xeon e3 1230 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5638"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1750"
},
{
"model": "xeon e5 2403",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6350hq"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6146"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570r"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5550"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6140"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3350p"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5630"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6136"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.6"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "980"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4120u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5580"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "820qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2640m"
},
{
"model": "xeon e3 1280 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w3680"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y30"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2338"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5122"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4160"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4657l_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4158u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4960hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5750hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640um"
},
{
"model": "xeon e3 1230 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v3"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v4"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l7555"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6142m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3667u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300y"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3160"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2367m"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4130"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6102e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3687u"
},
{
"model": "xeon e3 1225 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100u"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5618"
},
{
"model": "xeon e5 2418l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2648l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3827"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610"
},
{
"model": "xeon e5 2618l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2806"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2350m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6200u"
},
{
"model": "xeon e5 2440",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "xeon e5 2603 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7210"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2890_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x6550"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8250u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2348m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4771"
},
{
"model": "xeon e3 1285 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6130f"
},
{
"model": "xeon e5 2618l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2618l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1850"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6134"
},
{
"model": "xeon e3 1276 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3460"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1575m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v3"
},
{
"model": "xeon e3 1240 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702mq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4627_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820qm"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4807"
},
{
"model": "xeon e5 2407 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4712mq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2380p"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2115c"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2520m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2715qe"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3227u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2820"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "430um"
},
{
"model": "xeon e5 2430l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860_v2"
},
{
"model": "xeon e5 1620 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2910"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j2900"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1585_v5"
},
{
"model": "xeon e3 1105c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1265l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8550u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "530"
},
{
"model": "xeon e5 2428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4809_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4160t"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2308"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3060"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6157u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2430m"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330m"
},
{
"model": "xeon e3 12201 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3470"
},
{
"model": "xeon e3 1230",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6138t"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5118"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "930"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4550u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350k"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2850_v2"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3235rk"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2390t"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "350m"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2538"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5520"
},
{
"model": "xeon e5 2418l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176f"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700t"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "390m"
},
{
"model": "xeon e3 1290 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330um"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2940"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2649m"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4200"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5504"
},
{
"model": "xeon e3 1245 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5508"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3820qm"
},
{
"model": "xeon e3 1280 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1281 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2100"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2560"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8156"
},
{
"model": "xeon e3 1268l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3455"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2960xm"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v4"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4020y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820eq"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y51"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5520"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5300u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w"
},
{
"model": "xeon e5 1660",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1680 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5506"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5649"
},
{
"model": "xeon e3 1275 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4150t"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6130"
},
{
"model": "xeon e5 2420",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790"
},
{
"model": "xeon e3 1230 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6402p"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8830"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3330"
},
{
"model": "xeon e5 1428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2720qm"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "ec5539"
},
{
"model": "xeon e5 1660 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4800mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3540m"
},
{
"model": "xeon e3 1505m v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1800"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4603"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5675r"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2350"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2758"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3338"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3225"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4860hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5775c"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3710"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3520"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3439y"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y75"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4278u"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2820"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3537u"
},
{
"model": "core m5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y57"
},
{
"model": "xeon e3 1271 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1286 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4648_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5675c"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "480m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "740qm"
},
{
"model": "core m3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7y32"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4950hq"
},
{
"model": "xeon e3 1286l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2657m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8400"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7290"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3530"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "610e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5700eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2620m"
},
{
"model": "xeon bronze 3104",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1230 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1280 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5119t"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6148f"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3150"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3110m"
},
{
"model": "xeon e3 1270 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620le"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "950"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658a_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2328m"
},
{
"model": "xeon e5 2630",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1225 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v4"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "661"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "380um"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "650"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5120"
},
{
"model": "xeon e3 1240l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4130t"
},
{
"model": "xeon e5 2630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3120m"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3000"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3520m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5675"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v3"
},
{
"model": "xeon e5 1428l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2608l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "15"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5775r"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3308"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5640"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4150"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hk"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1565l_v5"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8857_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v2"
},
{
"model": "xeon e5 2620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2400"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3426"
},
{
"model": "xeon e3 12201",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4308u"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8168"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3758"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "760"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2650l_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4578u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v4"
},
{
"model": "xeon e3 1505l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "965"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "940"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2540m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210u"
},
{
"model": "xeon e5 2418l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5120t"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "73"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702ec"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2807"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2730"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3630qm"
},
{
"model": "xeon e5 2640 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3958"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4765t"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3508"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v2"
},
{
"model": "xeon e5 2608l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "550"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3220t"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4109t"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3010"
},
{
"model": "xeon e3 1285l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2105"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4510u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770k"
},
{
"model": "xeon e3 1268l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2815"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2808"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3217ue"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3250t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8100"
},
{
"model": "xeon e5 1650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3845"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v4"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6167u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2515e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5157u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6138"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610y"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3337u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "580m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750"
},
{
"model": "xeon e5 1428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3240t"
},
{
"model": "xeon e5 2650l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4910mq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3740qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4870hq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3785"
},
{
"model": "xeon e5 2630 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4025u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4430s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2635qm"
},
{
"model": "xeon e3 1285 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3229y"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4102e"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5667"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v3"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4820"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770t"
},
{
"model": "xeon e5 2628l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850"
},
{
"model": "xeon e3 1258l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4302y"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "330e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3339y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4710hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8700k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5645"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8650u"
},
{
"model": "xeon e3 1220 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3240"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2557m"
},
{
"model": "core m7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y75"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "380m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2450m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620lm"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5506"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8867_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6267u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e7540"
},
{
"model": "xeon e3 1260l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3840qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5250u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2357m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670k"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2760"
},
{
"model": "xeon e3 1225 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2930"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3825"
},
{
"model": "xeon e3 1245 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2609 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2695_v4"
},
{
"model": "xeon e5 2448l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3805"
},
{
"model": "xeon e5 2609 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3580"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6287u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v3"
},
{
"model": "xeon e5 1660 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e6540"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1535m_v6"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5020u"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3955"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "970"
},
{
"model": "xeon e5 2403 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2643 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330te"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500te"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110e"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5647"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "920xm"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3120me"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5015u"
},
{
"model": "xeon e5 2407",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2537m"
},
{
"model": "xeon e3 1501l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4220y"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650l"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x7560"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100te"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "ec5549"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700hq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300m"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3826"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100e"
},
{
"model": "xeon e5 2470",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700ec"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2810"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5850eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5850hq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735g"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770k"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6500t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2320"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2530"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6400"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600s"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3480"
},
{
"model": "xeon e5 2650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y71"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3245"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4410e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6685r"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880l_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4170"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5560"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5650"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520e"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v3"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3450"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5575r"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2550k"
},
{
"model": "xeon e5 2430",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736g"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2803"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4600m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2100t"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3795"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700mq"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4202y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7660u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5005u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3612qe"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5672"
},
{
"model": "xeon e5 2430 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4250u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7920hq"
},
{
"model": "xeon e3 1245",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3437u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4720hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v2"
},
{
"model": "xeon e5 2650l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310m"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2518"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j1900"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699a_v4"
},
{
"model": "xeon e5 2603 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2628l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1278l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8160f"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4702hq"
},
{
"model": "xeon e5 2620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6144"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3200rk"
},
{
"model": "xeon e3 1240 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6y54"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3210"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350t"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7210f"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3130m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3615qm"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10a"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5570"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "870s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2405s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3550s"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5660"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v4"
},
{
"model": "xeon e5 2643 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4010y"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8153"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3130"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3689y"
},
{
"model": "xeon e3 1270",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v3"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3708"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "840qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v4"
},
{
"model": "xeon e3 1245 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2408l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2358"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2710qe"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3540"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v4"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "57"
},
{
"model": "xeon e5 2428l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "560m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2375m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200h"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x7542"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620"
},
{
"model": "xeon e5 2640",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4810mq"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2920"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4830"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210h"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4360t"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "370m"
},
{
"model": "xeon e5 1680 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112e"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3060"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697a_v4"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6152"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "680"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5350h"
},
{
"model": "xeon e3 1220l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4607"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745"
},
{
"model": "xeon e5 2428l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5640"
},
{
"model": "xeon e5 2637 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2677m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5500u"
},
{
"model": "xeon e3 1240 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4617"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4667_v4"
},
{
"model": "xeon e3 1275 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1225",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600k"
},
{
"model": "xeon e3 1275l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "975"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4000m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "920"
},
{
"model": "xeon e5 2637 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v2"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3450"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4402e"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600"
},
{
"model": "xeon e5 2650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8164"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5530"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2697_v4"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3808"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8158"
},
{
"model": "atom x7-e3950",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4260u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6360u"
},
{
"model": "xeon e3 1220 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v3"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3538"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2760qm"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3710"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2300"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2508"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3445"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7235"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w3670"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4114"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4690s"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4710mq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735e"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8170m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5680"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2460"
},
{
"model": "xeon e5 2620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8860_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610me"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6130t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3475s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8600k"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3775d"
},
{
"model": "xeon e3 1125c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4005u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2610ue"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7820hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3517ue"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870_v2"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4330t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210y"
},
{
"model": "xeon e5 2648l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2700k"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4600u"
},
{
"model": "xeon e5 1650 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4310u"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "75"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6138f"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860s"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3115c"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660lm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4785t"
},
{
"model": "xeon e3 1230l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870"
},
{
"model": "xeon e3 1270 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4288u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2637m"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3570"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2316"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2125"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3330s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590t"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6600t"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y70"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5609"
},
{
"model": "xeon e5 2609",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2630l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1558l_v5"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2629m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5600u"
},
{
"model": "xeon bronze 3106",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "980x"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4760hq"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3770d"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "460m"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3355"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6126t"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3590"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4350"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5700hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600k"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2516"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4210m"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5677"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4110m"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8890_v4"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5502"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5620"
},
{
"model": "xeon e5 2440 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6128"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3210m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770r"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3858"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v4"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4100"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300hq"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5606"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2580"
},
{
"model": "xeon e5 2623 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4500u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770te"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3615qe"
},
{
"model": "xeon e3 1290",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y31"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "9"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7560u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5950hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v3"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4205"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "640lm"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2880_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v4"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w5590"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4170t"
},
{
"model": "xeon e5 2450l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3360m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4310m"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3558"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "450m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700hq"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4628l_v4"
},
{
"model": "xeon e5 1620 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2870"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8894_v4"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.1.32"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2130"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1545m_v5"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6140m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2630qm"
},
{
"model": "xeon e3 1240 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom x5-e3930",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2637 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2102"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2750"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2510e"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6320"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2860qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4660_v3"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3205rk"
},
{
"model": "simatic winac rtx \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e7520"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n4000"
},
{
"model": "core m",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5y10c"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3530"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4430"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "960"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4030y"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2675qm"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7700"
},
{
"model": "xeon e3 1285 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2600"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660_v3"
},
{
"model": "xeon e5 2630l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4890_v2"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5115"
},
{
"model": "xeon e3 1231 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3450s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2467m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2450p"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l5630"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570s"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3736f"
},
{
"model": "xeon e5 2603",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7600u"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "lc5518"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3470t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3517u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8870_v3"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7290f"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6006u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5350u"
},
{
"model": "xeon e5 2650",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4370"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2120t"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2683_v4"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v2"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4712hq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5650u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5257u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6142"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100u"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7230"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670_v3"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2830"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3250"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660ue"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6585r"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620um"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8350u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "990x"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770s"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2665"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "750s"
},
{
"model": "xeon platinum",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8176m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5550u"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6132"
},
{
"model": "xeon e3 1280",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2450l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340te"
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j4105"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4590"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3555le"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3440"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2840"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6126"
},
{
"model": "xeon e3 1125c v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1225 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1275 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2330e"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4669_v3"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l3406"
},
{
"model": "xeon e3 1505l v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3950"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "430m"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2520"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3430"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1578l_v5"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570s"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699r_v4"
},
{
"model": "xeon e5 2628l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5603"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4108"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "540"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670s"
},
{
"model": "xeon e5 1630 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4116"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3750"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500k"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5530"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3635qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4670t"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3560"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3050"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "720qm"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3340m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6100h"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2738"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6442eq"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4790s"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2377m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "880"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7500u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "860"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3510"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2310e"
},
{
"model": "atom e",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e3815"
},
{
"model": "xeon e5 2648l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2420"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3295rk"
},
{
"model": "celeron n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n2805"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "470um"
},
{
"model": "xeon e5 1620",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2640 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2410m"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "17"
},
{
"model": "xeon e3 1235l v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520um"
},
{
"model": "xeon e5 2643 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5670"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8891_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4440"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3720qm"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e7530"
},
{
"model": "xeon e3 1240",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1220 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2120"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4400e"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3770s"
},
{
"model": "atom x5-e3940",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4030u"
},
{
"model": "xeon e5 2648l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4340m"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2687w_v4"
},
{
"model": "xeon e5 1650 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1235",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2430l",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2400s"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4880_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6300u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5200u"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8837"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5557u"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4750hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6098p"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2690_v2"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4624l_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "520m"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3320m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4558u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3427u"
},
{
"model": "pentium j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j2850"
},
{
"model": "xeon e3 1270 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "celeron j",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "j3160"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6260u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2660"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x5690"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2698_v4"
},
{
"model": "xeon e5 2450",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2438l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4258u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2330m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4010u"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570t"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8850_v2"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850_v3"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7230f"
},
{
"model": "xeon e5 2630l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4460"
},
{
"model": "xeon e3 1265l v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7295"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3460"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7567u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4640_v2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x3480"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "w3690"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3265rk"
},
{
"model": "xeon e3 1280 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5607"
},
{
"model": "xeon e5 2623 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2680_v4"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "940xm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4650_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2340ue"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6134m"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "5010u"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v2"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4300u"
},
{
"model": "xeon e3 1220",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4100m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6126f"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3550"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3610qe"
},
{
"model": "xeon silver",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4112"
},
{
"model": "xeon e3 1265l v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z2480"
},
{
"model": "communications diameter signaling router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735f"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500s"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2667"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3570t"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2670qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2699_v3"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "xeon e3 1240l v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2550"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "e5507"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3740d"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4620_v3"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "660um"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4850hq"
},
{
"model": "xeon e5 2603 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2920xm"
},
{
"model": "xeon e5 2609 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e3 1245 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3830"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3735d"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3632qm"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2658_v3"
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7285"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "xeon e5 2420 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570te"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6440eq"
},
{
"model": "xeon e5 1630 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8880_v3"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2500t"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1515m_v5"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6150"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "lc5528"
},
{
"model": "xeon e3 1220 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2650 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 1620 v2",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "655k"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4370t"
},
{
"model": "vm virtualbox",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.0"
},
{
"model": "atom x3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c3230rk"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4200y"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "l7545"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4440s"
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4570"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "8893_v4"
},
{
"model": "cortex-a",
"scope": "eq",
"trust": 1.0,
"vendor": "arm",
"version": "72"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4700eq"
},
{
"model": "xeon",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "x7550"
},
{
"model": "atom c",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "c2558"
},
{
"model": "xeon e3 1275 v5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon e5 2637",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "7250f"
},
{
"model": "xeon e7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2830"
},
{
"model": "xeon e3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "1505m_v6"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4610_v3"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "3217u"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2365m"
},
{
"model": "pentium n",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "n3700"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620m"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4770hq"
},
{
"model": "core i3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "2370m"
},
{
"model": "xeon e3 1246 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "core i5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4402ec"
},
{
"model": "xeon gold",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "6142f"
},
{
"model": "xeon e5",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "4655_v3"
},
{
"model": "atom z",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "z3745d"
},
{
"model": "core i7",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "620ue"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "arm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qualcomm incorporated",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "vmware",
"version": null
},
{
"model": "windows sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "7"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "11"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "v8"
},
{
"model": "windows",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "10"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "0"
},
{
"model": "xeon cpu e5-1650",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "v3"
},
{
"model": "cortex a57",
"scope": null,
"trust": 0.6,
"vendor": "arm",
"version": null
},
{
"model": "pro a8-9600 r7",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
},
{
"model": "compute cores 4c+6g",
"scope": "eq",
"trust": 0.6,
"vendor": "amd",
"version": "10"
},
{
"model": "fx -8320 eight-core processor",
"scope": null,
"trust": 0.6,
"vendor": "amd",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:73:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.1.32",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.6",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "145665"
},
{
"db": "PACKETSTORM",
"id": "145717"
},
{
"db": "PACKETSTORM",
"id": "145650"
},
{
"db": "PACKETSTORM",
"id": "145653"
},
{
"db": "PACKETSTORM",
"id": "146002"
},
{
"db": "PACKETSTORM",
"id": "145708"
},
{
"db": "PACKETSTORM",
"id": "145671"
}
],
"trust": 0.7
},
"cve": "CVE-2017-5715",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2018-00302",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-113918",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5715",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-00302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113918",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "VULHUB",
"id": "VHN-113918"
},
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as \"Variant 3a\" and \"Variant 4\". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \\\"melts\\\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \\\"cross-border\\\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4 versions; Xeon E3-1265l v2, v3, v4 Version; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4188-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193\n CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224\n CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066\n CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108\n CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740\n CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781\n CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the \"retpoline\" compiler feature which allows\n indirect branches to be isolated from speculative execution. \n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system. \n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function. \n\n More use sites will be added over time. \n\nCVE-2017-17975\n\n Tuba Yavuz reported a use-after-free flaw in the USBTV007\n audio-video grabber driver. A local user could use this for denial\n of service by triggering failure of audio registration. \n\nCVE-2017-18193\n\n Yunlei He reported that the f2fs implementation does not properly\n handle extent trees, allowing a local user to cause a denial of\n service via an application with multiple threads. \n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service. \n\nCVE-2017-18218\n\n Jun He reported a user-after-free flaw in the Hisilicon HNS ethernet\n driver. A local user could use this for denial of service. \n\nCVE-2017-18222\n\n It was reported that the Hisilicon Network Subsystem (HNS) driver\n implementation does not properly handle ethtool private flags. A\n local user could use this for denial of service or possibly have\n other impact. \n\nCVE-2017-18224\n\n Alex Chen reported that the OCFS2 filesystem omits the use of a\n semaphore and consequently has a race condition for access to the\n extent tree during read operations in DIRECT mode. A local user\n could use this for denial of service. \n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the \"noflush_merge\" mount option is used. \n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service. \n\nCVE-2017-18257\n\n It was reported that the f2fs implementation is prone to an infinite\n loop caused by an integer overflow in the __get_data_block()\n function. A local user can use this for denial of service via\n crafted use of the open and fallocate system calls with an\n FS_IOC_FIEMAP ioctl. \n\nCVE-2018-1065\n\n The syzkaller tool found a NULL pointer dereference flaw in the\n netfilter subsystem when handling certain malformed iptables\n rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN\n capability (in any user namespace) could use this to cause a denial\n of service. Debian disables unprivileged user namespaces by default. \n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service. \n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default. \n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service. \n\nCVE-2018-1093\n\n Wen Xu reported that a crafted ext4 filesystem image could trigger\n an out-of-bounds read in the ext4_valid_block_bitmap() function. A\n local user able to mount arbitrary filesystems could use this for\n denial of service. \n\nCVE-2018-1108\n\n Jann Horn reported that crng_ready() does not properly handle the\n crng_init variable states and the RNG could be treated as\n cryptographically safe too early after system boot. \n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service. \n\nCVE-2018-7480\n\n Hou Tao discovered a double-free flaw in the blkcg_init_queue()\n function in block/blk-cgroup.c. A local user could use this to cause\n a denial of service or have other impact. \n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation. \n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem\u0027s mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service. \n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service. \n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact. \n\nCVE-2018-8087\n\n A memory leak flaw was found in the hwsim_new_radio_nl() function in\n the simulated radio testing tool driver for mac80211, allowing a\n local user to cause a denial of service. \n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver\u0027s mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation. \n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client. \n\nCVE-2018-10323\n\n Wen Xu reported a NULL pointer dereference flaw in the\n xfs_bmapi_write() function triggered when mounting and operating a\n crafted xfs filesystem image. A local user able to mount arbitrary\n filesystems could use this for denial of service. \n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.88-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron7dfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Se0xAAmR31jrqeEkJhgh7qvKplrko9N27l7FCCrrqsR0cBjKtIpwBkIdm6UxP2\n8HBxqK5oy3sUP/ViHBtTUqFlRbLq4fC2DsuJGGqtBk46yML4QOEV2CXA1gyhfSzG\nux5Z5nNkLDbzD7jPazbTwMusbQrDItojj6K5aoDVoRjjOpRHRViHv81kRU3KJytX\n62f/vnEjxX0xkSOqLKXcUNDczLjcP2VxuKFb3si6w7YyCXq6XYhvoDch92QLJZfD\nqtDUCKs1sEgWLzhktcYyhck3NGujSfLZuSLGnZowqGqaAvx/lq0sTOliKuPpnG+I\nHztPR0iYQCuzsDgHbLlwGyuUnf446VRG+u/AP69qk0HqyWwCXqsTJ0rwMX04fXtR\n7dR8Y1jbbXaH0+ai9V6c3zdz4UKH5rZOkpIIYSjCxVHUpE2cU4lFXYiWL/qJRBGV\n150TtSgyAPBBBJa6cWgApXrHgriGEkZNscH2nmJfg2OBnDwnLJ4CvwNfij7daR8n\nRlGOlvgKYCI1Ob54kKqvvxQhDrhTiBhti8T64wd2MzsrKLIRdlyTpSrsqK8VIJyg\nux1Y01sgA3JqS2XKL52ZTgCJhGkoX68+/se73P+jeRBP/tbNcXB2t2cE6gxIkiTX\neZEUmnS5IeoEcr7cYKm3M9GZvBBrVeTaFra3vSgeGDUr0XL2Yu4=\n=uZGQ\n-----END PGP SIGNATURE-----\n. 7) - noarch\n\n3. Description:\n\nThe linux-firmware packages contain all of the firmware files that are\nrequired by various devices to operate. (CVE-2017-5715)\n\nNote: This is the microcode counterpart of the CVE-2017-5715 kernel\nmitigation. Summary:\n\nAn update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and\nAgents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents\nfor Red Hat Enterprise Linux 7 ELS. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 7-based RHEV-H ELS - noarch\nRHEV Hypervisor for RHEL-6 ELS - noarch\n\n3. Description:\n\nThe rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent. \n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a commonly\nused performance optimization). There are three primary variants of the\nissue which differ in the way the speculative execution can be exploited. \n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software mitigation\nfor this hardware issue at a cost of potential performance penalty. Please\nrefer to References section for further information about this issue and\nthe performance impact. \n\nVariant CVE-2017-5753 triggers the speculative execution by performing a\nbounds-check bypass. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. It relies on the presence of a precisely-defined\ninstruction sequence in the privileged code as well as the fact that memory\naccesses may cause allocation into the microprocessor\u0027s data cache even for\nspeculatively executed instructions that never actually commit (retire). As\na result, an unprivileged attacker could use this flaw to cross the syscall\nand guest/host boundaries and read privileged memory by conducting targeted\ncache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors,\nduring speculative execution of instruction permission faults, exception\ngeneration triggered by a faulting access is suppressed until the\nretirement of the whole instruction block. In a combination with the fact\nthat memory accesses may populate the cache even when the block is being\ndropped and never committed (executed), an unprivileged local attacker\ncould use this flaw to read privileged (kernel space) memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue. \n\nRed Hat would like to thank Google Project Zero for reporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass\n1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection\n1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling\n\n6. Package List:\n\nRHEV Hypervisor for RHEL-6 ELS:\n\nSource:\nrhev-hypervisor7-7.3-20180102.1.el6ev.src.rpm\n\nnoarch:\nrhev-hypervisor7-7.3-20180102.1.el6ev.noarch.rpm\n\nRHEL 7-based RHEV-H ELS:\n\nSource:\nrhev-hypervisor7-7.3-20180102.1.el7ev.src.rpm\n\nnoarch:\nrhev-hypervisor7-7.3-20180102.1.el7ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://access.redhat.com/solutions/3307851\nhttps://access.redhat.com/security/cve/CVE-2017-5753\nhttps://access.redhat.com/security/cve/CVE-2017-5715\nhttps://access.redhat.com/security/cve/CVE-2017-5754\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFaT54tXlSAg2UNWIIRAtmzAKCwalCzxETPR1hjx8qr6otIzzp23ACgnSyn\nfaS+MjiDEGEcbe5k+tWw9I8=\n=V9iL\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. By now, we\u0027re sure most everyone have heard of the Meltdown and Spectre\nattacks. If not, head over to https://meltdownattack.com/ and get an\noverview. \nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\n\nThe FreeBSD Security Team was notified of the issue in late December\nand received a briefing under NDA with the original embargo date of\nJanuary 9th. Since we received relatively late notice of the issue, our\nability to provide fixes is delayed. \n\nMeltdown (CVE-2017-5754)\n~~~~~~~~~~~~~~~~~~~~~~~~\nIn terms of priority, the first step is to mitigate against the Meltdown\nattack (CVE-2017-5754, cited as variant 3 by Project Zero). Work for\nthis is ongoing, but due to the relatively large changes needed, this is\ngoing to take a little while. We are currently targeting patches for\namd64 being dev complete this week with testing probably running into\nnext week. From there, we hope to give it a short bake time before\npushing it into the 11.1-RELEASE branch. Additional work will be\nrequired to bring the mitigation to 10.3-RELEASE and 10.4-RELEASE. \n\nThe code will be selectable via a tunable which will automatically turn\non for modern Intel processors and off for AMD processors (since they\nare reportedly not vulnerable). Since the fix for Meltdown does incur a\nperformance hit for any transition between user space and kernel space,\nthis could be rather impactful depending on the workload. As such, the\ntunable can also be overridden by the end-user if they are willing to\naccept the risk. \n\nInitial work can be tracked at https://reviews.freebsd.org/D13797. \nPlease note this is a work in progress and some stuff is likely to be\nbroken. \n\nSpectre (CVE-2017-5753 and CVE-2017-5715)\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nWhen it comes to the Spectre vulnerabilities, it is much harder to sort\nthese out. Variant 1 (CVE-2017-5753) is going to require some static\nanalysis to determine vulnerable use cases that will require barriers to\nstop speculation from disclosing information it shouldn\u0027t. While we\nhaven\u0027t done the analysis to determine where we are vulnerable, the\nnumber of cases here are supposed to be pretty small. Apparently there\nhave been some Coverity rules developed to help look for these, but we\nare still evaluating what can be done here. \n\nThe other half of Spectre, variant 2 (CVE-2017-5715) is a bit trickier\nas it affects both normal processes and bhyve. There is a proposed patch\nfor LLVM (https://reviews.llvm.org/D41723) that introduces a concept\ncalled \u0027retpoline\u0027 which mitigates this issue. We are likely to pull\nthis into HEAD and 11-STABLE once it hits the LLVM tree. Unfortunately,\nthe currently supported FreeBSD releases are using older versions of\nLLVM for which we are not sure the LLVM project will produce patches. We\nwill be looking at the feasibility to backport these patches to these\nearlier versions. \n\nBest regards,\nGordon Tetlow\nwith security-officer hat on\n. \n==========================================================================\nUbuntu Security Notice USN-3540-2\nJanuary 23, 2018\n\nlinux-lts-xenial, linux-aws vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were addressed in the Linux kernel. \n\nSoftware Description:\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty\n\nDetails:\n\nUSN-3540-1 addressed vulnerabilities in the Linux kernel for Ubuntu\n16.04 LTS. This update provides the corresponding updates for the\nLinux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for\nUbuntu 14.04 LTS. This update provides mitigations for the\ni386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. \n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3522-2 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu\n16.04 LTS for Ubuntu 14.04 LTS. This update provides the corresponding\nmitigations for the ppc64el architecture. This flaw is known as Meltdown. (CVE-2017-5754)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-4.4.0-1011-aws 4.4.0-1011.11\n linux-image-4.4.0-111-generic 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-lowlatency 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc-e500mc 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc-smp 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc64-emb 4.4.0-111.134~14.04.1\n linux-image-4.4.0-111-powerpc64-smp 4.4.0-111.134~14.04.1\n linux-image-aws 4.4.0.1011.11\n linux-image-generic-lts-xenial 4.4.0.111.95\n linux-image-lowlatency-lts-xenial 4.4.0.111.95\n linux-image-powerpc-e500mc-lts-xenial 4.4.0.111.95\n linux-image-powerpc-smp-lts-xenial 4.4.0.111.95\n linux-image-powerpc64-emb-lts-xenial 4.4.0.111.95\n linux-image-powerpc64-smp-lts-xenial 4.4.0.111.95\n\nPlease note that fully mitigating CVE-2017-5715 (Spectre Variant 2)\nrequires corresponding processor microcode/firmware updates or,\nin virtual environments, hypervisor updates. On i386 and amd64\narchitectures, the IBRS and IBPB features are required to enable the\nkernel mitigations. Ubuntu users with a processor from a different vendor should\ncontact the vendor to identify necessary firmware updates. Ubuntu\nwill provide corresponding QEMU updates in the future for users of\nself-hosted virtual environments in coordination with upstream QEMU. \nUbuntu users in cloud environments should contact the cloud provider\nto confirm that the hypervisor has been updated to expose the new\nCPU features to virtual machines. 7) - x86_64\n\n3. The qemu-kvm package provides the\nuser-space component for running virtual machines that use KVM. Once\nall virtual machines have shut down, start them again for this update to\ntake effect. \n\nBug Fix(es):\n\n* Hot-unplugging Virtual Function I/O (VFIO) devices previously failed when\nperformed after hot-unplugging a vhost network device. This update fixes\nthe underlying code, and the VFIO device is unplugged correctly in the\ndescribed circumstances. (BZ#1498146)\n\n4. \n\n This specific attack has been named Meltdown and is addressed in the\n Linux kernel on the powerpc/ppc64el architectures by flushing the L1\n data cache on exit from kernel mode to user mode (or from hypervisor to\n kernel). \n \n This works on Power7, Power8 and Power9 processors. Memory protections ensuring user-provided buffers always\n point to userland memory were disabled, allowing . \n\nCVE-2018-5750\n\n An information leak has been found in the Linux kernel. The\n acpi_smbus_hc_add() prints a kernel address in the kernel log at every\n boot, which could be used by an attacker on the system to defeat kernel\n ASLR. \n\nAdditionnaly to those vulnerability, some mitigations for CVE-2017-5753 are\nincluded in this release. \n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-01-23\nLast Updated: 2018-01-22\n\nPotential Security Impact: Local: Disclosure of Information, Elevation of\nPrivilege\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nOn January 3 2018, side-channel security vulnerabilities involving\nspeculative execution were publicly disclosed. These vulnerabilities may\nimpact the listed HPE products, potentially leading to information disclosure\nand elevation of privilege. Mitigation and resolution of these\nvulnerabilities may call for both an operating system update, provided by the\nOS vendor, and a system ROM update from HPE. \n\n\n**Note:**\n\n * This issue takes advantage of techniques commonly used in many modern\nprocessor architectures. \n * For further information, microprocessor vendors have provided security\nadvisories:\n \n - Intel:\n\u003chttps://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu\ngeid=en-fr\u003e\n - AMD: \u003chttp://www.amd.com/en/corporate/speculative-execution\u003e\n - ARM: \u003chttps://developer.arm.com/support/security-update\u003e\n\nReferences:\n\n - CVE-2017-5715 - aka Spectre, branch target injection\n - CVE-2017-5753 - aka Spectre, bounds check bypass\n - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access\npermission check performed after kernel memory read\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE ProLiant DL380 Gen10 Server - To be delivered\n - HPE ProLiant DL180 Gen10 Server - To be delivered\n - HPE ProLiant DL160 Gen10 Server - To be delivered\n - HPE ProLiant DL360 Gen10 Server - To be delivered\n - HPE ProLiant ML110 Gen10 Server - To be delivered\n - HPE ProLiant DL580 Gen10 Server - To be delivered\n - HPE ProLiant DL560 Gen10 Server - To be delivered\n - HPE ProLiant DL120 Gen10 Server - To be delivered\n - HPE ProLiant ML350 Gen10 Server - To be delivered\n - HPE ProLiant XL450 Gen10 Server - To be delivered\n - HPE Synergy 660 Gen10 Compute Module - To be delivered\n - HPE ProLiant DL385 Gen10 Server - prior to v1.04 \n - HPE ProLiant XL170r Gen10 Server - To be delivered\n - HPE ProLiant BL460c Gen10 Server Blade - To be delivered\n - HPE ProLiant XL190r Gen10 Server - To be delivered\n - HPE ProLiant XL230k Gen10 Server - To be delivered\n - HPE Synergy 480 Gen10 Compute Module - To be delivered\n - HPE ProLiant XL730f Gen9 Server - To be delivered\n - HPE ProLiant XL230a Gen9 Server - To be delivered\n - HPE ProLiant XL740f Gen9 Server - To be delivered\n - HPE ProLiant XL750f Gen9 Server - To be delivered\n - HPE ProLiant XL170r Gen9 Server - To be delivered\n - HP ProLiant DL60 Gen9 Server - To be delivered\n - HP ProLiant DL160 Gen9 Server - To be delivered\n - HPE ProLiant DL360 Gen9 Server - To be delivered\n - HP ProLiant DL380 Gen9 Server - To be delivered\n - HPE ProLiant XL450 Gen9 Server - To be delivered\n - HPE Apollo 4200 Gen9 Server - To be delivered\n - HP ProLiant BL460c Gen9 Server Blade - To be delivered\n - HP ProLiant ML110 Gen9 Server - To be delivered\n - HP ProLiant ML150 Gen9 Server - To be delivered\n - HPE ProLiant ML350 Gen9 Server - To be delivered\n - HP ProLiant DL120 Gen9 Server - To be delivered\n - HPE ProLiant DL560 Gen9 Server - To be delivered\n - HP ProLiant BL660c Gen9 Server - To be delivered\n - HPE ProLiant ML30 Gen9 Server - To be delivered\n - HPE ProLiant XL170r Gen10 Server - To be delivered\n - HPE ProLiant DL20 Gen9 Server - To be delivered\n - HPE Synergy 660 Gen9 Compute Module - To be delivered\n - HPE Synergy 480 Gen9 Compute Module - To be delivered\n - HPE ProLiant XL250a Gen9 Server - To be delivered\n - HPE ProLiant XL190r Gen9 Server - To be delivered\n - HP ProLiant DL80 Gen9 Server - To be delivered\n - HPE ProLiant DL180 Gen9 Server - To be delivered\n - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server -\nTo be delivered\n - HPE ProLiant WS460c Gen9 Workstation - To be delivered\n - HPE ProLiant XL260a Gen9 Server - To be delivered\n - HPE Synergy 620 Gen9 Compute Module - To be delivered\n - HPE ProLiant DL580 Gen9 Server - To be delivered\n - HP ProLiant XL220a Gen8 v2 Server - To be delivered\n - HPE Synergy 680 Gen9 Compute Module - To be delivered\n - HPE ProLiant m510 Server Cartridge - To be delivered\n - HPE ProLiant m710p Server Cartridge - To be delivered\n - HPE ProLiant m710x Server Cartridge - To be delivered\n - HP ProLiant m710 Server Cartridge - To be delivered\n - HP ProLiant DL980 G7 Server - To be delivered\n - HPE Synergy Composer - To be delivered\n - HPE ProLiant Thin Micro TM200 Server - To be delivered\n - HPE ProLiant ML10 v2 Server - To be delivered\n - HPE ProLiant m350 Server Cartridge - To be delivered\n - HPE ProLiant m300 Server Cartridge - To be delivered\n - HPE ProLiant MicroServer Gen8 - To be delivered\n - HPE ProLiant ML310e Gen8 v2 Server - To be delivered\n - HPE Superdome Flex Server - To be delivered\n - HP 3PAR StoreServ File Controller - To be delivered - v3 impacted\n - HPE StoreVirtual 3000 File Controller - To be delivered\n - HPE StoreEasy 1450 Storage - To be delivered\n - HPE StoreEasy 1550 Storage - To be delivered\n - HPE StoreEasy 1650 Storage - To be delivered\n - HPE StoreEasy 3850 Gateway Storage - To be delivered\n - HPE StoreEasy 1850 Storage - To be delivered\n - HP ConvergedSystem 700 - To be delivered\n - HPE Converged Architecture 700 - To be delivered\n - HP ProLiant DL580 Gen8 Server - To be delivered\n - HPE Cloudline CL2100 Gen10 Server - To be delivered\n - HPE Cloudline CL2200 Gen10 Server - To be delivered\n - HPE Cloudline CL3150 G4 Server - To be delivered\n - HPE Cloudline CL5200 G3 Server - To be delivered\n - HPE Cloudline CL3100 G3 Server - To be delivered\n - HPE Cloudline CL2100 G3 807S 8 SFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2100 G3 407S 4 LFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2100 G3 806R 8SFF Configure-to-order Server - To be\ndelivered\n - HPE Cloudline CL2200 G3 1211R 12 LFF Configure-to-order Server - To be\ndelivered\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5715\n 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N\n 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N)\n\n CVE-2017-5753\n 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\n 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2017-5754\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\n 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nOn January 11, Intel announced issues with an increased frequency of reboots\nwhen using the microcodes they released to address Variant 2 of the Spectre\nVulnerability for numerous processors including Broadwell, Haswell, Skylake,\nKaby Lake, Ivybridge, and Sandybridge processors. Intel has now identified\nthe root cause of these issues and determined that these microcodes may\nintroduce reboots and other unpredictable system behavior. Due to the\nseverity of the potential issues that may occur when using these microcodes,\nIntel is now recommending that customers discontinue their use. Additional\ninformation is available from Intels Security Exploit Newsroom here:\n\u003chttps://newsroom.intel.com/press-kits/security-exploits-intel-products/\u003e . \nHPE is in alignment with Intel in our recommendation that customers\ndiscontinue use of System ROMs including impacted microcodes and revert to\nearlier System ROM versions. \n\nAll System ROMs including impacted microcodes have been removed from the HPE\nSupport Site. This impacts HPE ProLiant and Synergy Gen10, Gen9, and Gen8 v2\nservers as well as HPE Superdome servers for which updated System ROMs had\npreviously been made available. Intel is working on updated microcodes to\naddress these issues, and HPE will validate updated System ROMs including\nthese microcodes and make them available to our customers in the coming\nweeks. \n\nMitigations for Variant 1 (Spectre) and Variant 3 (Meltdown) vulnerabilities\nrequire only OS updates and are not impacted. \n\n * HPE has provided a customer bulletin\n\u003chttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us\u003e\nwith specific instructions to obtain the udpated sytem ROM\n \n - Note:\n \n + CVE-2017-5715 (Variant 2) requires that the System ROM be updated and a\nvendor supplied operating system update be applied as well. \n + For CVE-2017-5753, CVE-2017-5754 (Variants 1 and 3) require only\nupdates of a vendor supplied operating system. \n + HPE will continue to add additional products to the list. \n\nHISTORY\n\nVersion:1 (rev.1) - 4 January 2018 Initial release\n\nVersion:2 (rev.2) - 5 January 2018 Added additional impacted products\n\nVersion:3 (rev.3) - 10 January 2018 Added more impacted products\n\nVersion:4 (rev.4) - 9 January 2018 Fixed product ID\n\nVersion:5 (rev.5) - 18 January 2018 Added additional impacted products\n\nVersion:6 (rev.6) - 19 January 2018 updated impacted product list\n\nVersion:7 (rev.7) - 23 January 2018 Marked impacted products with TBD for\nSystem ROM updates per Intel\u0027s guidance on microcode issues\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. Summary\n\n VMware vSphere, Workstation and Fusion updates add Hypervisor-\n Assisted Guest remediation for speculative execution issue. \n\n Notes:\n\n Hypervisor remediation can be classified into the two following\n categories:\n - Hypervisor-Specific Remediation (documented in VMSA-2018-0002)\n - Hypervisor-Assisted Guest Remediation (documented in this advisory)\n\n The ESXi patches and new versions of Workstation and Fusion of this\n advisory include the Hypervisor-Specific Remediation documented in\n VMware Security Advisory VMSA-2018-0002. \n\n More information on the types of Hypervisor remediation may be found\n in VMware Knowledge Base article 52245. Relevant Products\n\n VMware vCenter Server (VC)\n VMware ESXi (ESXi)\n VMware Workstation Pro / Player (Workstation)\n VMware Fusion Pro / Fusion (Fusion)\n\n3. Problem Description\n\n New speculative-execution control mechanism for Virtual Machines\n\n Updates of vCenter Server, ESXi, Workstation and Fusion virtualize\n the new speculative-execution control mechanism for Virtual Machines\n (VMs). As a result, a patched Guest Operating System (Guest OS) can\n remediate the Branch Target Injection issue (CVE-2017-5715). This\n issue may allow for information disclosure between processes within\n the VM. \n\n To remediate CVE-2017-5715 in the Guest OS the following VMware and\n third party requirements must be met:\n\n VMware Requirements\n -------------------\n\n - Deploy the updated version of vCenter Server listed in the table\n (if vCenter Server is used). \n\n - Deploy the ESXi patches and/or the new versions for Workstation or\n Fusion listed in the table. \n\n - Ensure that your VMs are using Hardware Version 9 or higher. For\n best performance, Hardware Version 11 or higher is recommended. \n VMware Knowledge Base article 1010675 discusses Hardware Versions. \n\n Third party Requirements\n ------------------------\n\n - Deploy the Guest OS patches for CVE-2017-5715. These patches are\n to be obtained from your OS vendor. \n\n - Update the CPU microcode. Additional microcode is needed for your\n CPU to be able to expose the new MSRs that are used by the patched\n Guest OS. This microcode should be available from your hardware\n platform vendor. \n VMware is providing several versions of the required microcode from\n INTEL and AMD through ESXi patches listed in the table. See VMware\n Knowledge Base 52085 for more details. \n\n\n Column 5 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/ Mitigation\n Product Version on Severity Apply patch Workaround\n =========== ======= ======= ======== ============= ==========\n\n VC 6.5 Any Important 6.5 U1e * None\n VC 6.0 Any Important 6.0 U3d * None\n VC 5.5 Any Important 5.5 U3g * None\n\n ESXi 6.5 Any Important ESXi650-201801401-BG None\n ESXi650-201801402-BG **\n ESXi 6.0 Any Important ESXi600-201801401-BG None\n ESXi600-201801402-BG **\n ESXi 5.5 Any Important ESXi550-201801401-BG ** None\n\n Workstation 14.x Any Important 14.1.1 None\n Workstation 12.x Any Important patch planned None\n\n Fusion 10.x OS X Important 10.1.1 None\n Fusion 8.x OS X Important 8.5.10 None\n\n * The new versions of vCenter Server set restrictions on ESXi hosts\n joining an Enhanced vMotion Cluster, see VMware Knowledge Base\n article 52085 for details. \n\n ** These ESXi patches install the microcodes if present for your CPU,\n see VMware Knowledge Base article 52085. Solution\n\n Please review the patch/release notes for your product and\n version and verify the checksum of your downloaded file. \n\n vCenter Server 6.5 U1e\n Downloads and Documentation:\n\nhttps://my.vmware.com/web/vmware/details?productId=614\u0026rPId=20950\u0026downloadG\nroup=VC65U1E\n\n vCenter Server 6.0 U3d\n Downloads and Documentation:\n\nhttps://my.vmware.com/web/vmware/details?downloadGroup=VC60U3D\u0026productId=49\n1\u0026rPId=20946\n\n vCenter Server 5.5 U3g\n Downloads and Documentation:\n\nhttps://my.vmware.com/web/vmware/details?downloadGroup=VC55U3G\u0026productId=35\n3\u0026rPId=20876\n\n VMware ESXi 6.5\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n http://kb.vmware.com/kb/52198\n http://kb.vmware.com/kb/52199\n\n VMware ESXi 6.0\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n http://kb.vmware.com/kb/52205\n http://kb.vmware.com/kb/52206\n\n VMware ESXi 5.5\n Downloads:\n https://my.vmware.com/group/vmware/patch\n Documentation:\n http://kb.vmware.com/kb/52127\n\n VMware Workstation Pro, Player 14.1.1\n Downloads and Documentation:\n https://www.vmware.com/go/downloadworkstation\n https://www.vmware.com/go/downloadplayer\n https://www.vmware.com/support/pubs/ws_pubs.html\n\n VMware Fusion Pro / Fusion 8.5.10, 10.1.1\n Downloads and Documentation:\n https://www.vmware.com/go/downloadfusion\n https://www.vmware.com/support/pubs/fusion_pubs.html\n\n\n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715\n\n VMware Knowledge Base Article 52085\n https://kb.vmware.com/s/article/52085\n\n VMware Knowledge Base Article 1010675\n https://kb.vmware.com/s/article/1010675\n\n VMware Knowledge Base article 52245\n https://kb.vmware.com/s/article/52245\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n 2018-01-09 VMSA-2018-0004\n Initial security advisory in conjunction with the release of VMware\n vCenter Server 5.5 U3g, 6.0 U3d and 6.5 U1e, ESXi 5.5, 6.0, and 6.5\n patches, Workstation 14.1.1, and Fusion 10.1.1 and\n 8.5.10 on 2018-01-09. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce@lists.vmware.com\n bugtraq@securityfocus.com\n fulldisclosure@seclists.org\n\n E-mail: security@vmware.com\n PGP key at: https://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n\n VMware Security \u0026 Compliance Blog\n https://blogs.vmware.com/security\n\n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2018 VMware Inc. All rights reserved. 7.3) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libvirt library contains a C API for managing and interacting with the\nvirtualization capabilities of Linux and other operating systems. In\naddition, libvirt provides tools for remote management of virtualized\nsystems",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5715"
},
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "VULHUB",
"id": "VHN-113918"
},
{
"db": "PACKETSTORM",
"id": "147454"
},
{
"db": "PACKETSTORM",
"id": "145665"
},
{
"db": "PACKETSTORM",
"id": "145717"
},
{
"db": "PACKETSTORM",
"id": "145769"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "145653"
},
{
"db": "PACKETSTORM",
"id": "146002"
},
{
"db": "PACKETSTORM",
"id": "145708"
},
{
"db": "PACKETSTORM",
"id": "146530"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "145800"
},
{
"db": "PACKETSTORM",
"id": "145671"
},
{
"db": "PACKETSTORM",
"id": "145650"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113918",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113918"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5715",
"trust": 3.0
},
{
"db": "CERT/CC",
"id": "VU#584653",
"trust": 1.9
},
{
"db": "CERT/CC",
"id": "VU#180049",
"trust": 1.9
},
{
"db": "BID",
"id": "102376",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "155281",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "145645",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040071",
"trust": 1.1
},
{
"db": "LENOVO",
"id": "LEN-18282",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "43427",
"trust": 1.1
},
{
"db": "CERT@VDE",
"id": "VDE-2018-003",
"trust": 1.1
},
{
"db": "CERT@VDE",
"id": "VDE-2018-002",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-608355",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA18-141A",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00302",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "146026",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145769",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145800",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "146017",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "146019",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145844",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146014",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145767",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146301",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146018",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146556",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148260",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146016",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145852",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145801",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148446",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146167",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147582",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146308",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145768",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145964",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146283",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146772",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146957",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145762",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145809",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146501",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201801-152",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113918",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147454",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145665",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145717",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145653",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145708",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "146530",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145671",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "VULHUB",
"id": "VHN-113918"
},
{
"db": "PACKETSTORM",
"id": "147454"
},
{
"db": "PACKETSTORM",
"id": "145665"
},
{
"db": "PACKETSTORM",
"id": "145717"
},
{
"db": "PACKETSTORM",
"id": "145769"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "145650"
},
{
"db": "PACKETSTORM",
"id": "145653"
},
{
"db": "PACKETSTORM",
"id": "146002"
},
{
"db": "PACKETSTORM",
"id": "145708"
},
{
"db": "PACKETSTORM",
"id": "146530"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "145800"
},
{
"db": "PACKETSTORM",
"id": "145671"
},
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"id": "VAR-201801-0826",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "VULHUB",
"id": "VHN-113918"
}
],
"trust": 1.3670634874999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00302"
}
]
},
"last_update_date": "2024-07-23T19:20:13.225000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-203",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113918"
},
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
},
{
"trust": 1.9,
"url": "http://www.kb.cert.org/vuls/id/584653"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/102376"
},
{
"trust": 1.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
},
{
"trust": 1.6,
"url": "https://support.apple.com//ht208394"
},
{
"trust": 1.6,
"url": "http://www.dell.com/support/speculative-store-bypass"
},
{
"trust": 1.2,
"url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/jun/36"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/nov/16"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/180049"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180104-cpusidechannel"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-001.txt"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2019-003.txt"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "http://xenbits.xen.org/xsa/advisory-254.html"
},
{
"trust": 1.1,
"url": "https://aws.amazon.com/de/security/security-bulletins/aws-2018-013/"
},
{
"trust": 1.1,
"url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
},
{
"trust": 1.1,
"url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
},
{
"trust": 1.1,
"url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
},
{
"trust": 1.1,
"url": "https://security.paloaltonetworks.com/cve-2017-5715"
},
{
"trust": 1.1,
"url": "https://support.citrix.com/article/ctx231399"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k91229003"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/solutions/len-18282"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
},
{
"trust": 1.1,
"url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_18_01"
},
{
"trust": 1.1,
"url": "https://www.vmware.com/security/advisories/vmsa-2018-0007.html"
},
{
"trust": 1.1,
"url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0002.html"
},
{
"trust": 1.1,
"url": "https://www.vmware.com/us/security/advisories/vmsa-2018-0004.html"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4120"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2018/dsa-4213"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/43427/"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-18:03.speculative_execution.asc"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-19:26.mcu.asc"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/145645/spectre-information-disclosure-proof-of-concept.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/155281/freebsd-security-advisory-freebsd-sa-19-26.mcu.html"
},
{
"trust": 1.1,
"url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
},
{
"trust": 1.1,
"url": "https://spectreattack.com/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0292"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040071"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/usn/usn-3516-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3531-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3531-3/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3540-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3541-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3542-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3549-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3560-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3561-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3580-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3581-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3581-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3582-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3582-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3594-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3597-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3597-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3690-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3777-3/"
},
{
"trust": 1.0,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026languageid=en-fr"
},
{
"trust": 1.0,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03871en_us"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/display/wiki/vulnerabilities+associated+with+cpu+speculative+execution"
},
{
"trust": 0.8,
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"trust": 0.8,
"url": "https://developer.amd.com/wp-content/resources/124441_amd64_speculativestorebypassdisable_whitepaper_final.pdf"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ncas/alerts/ta18-141a"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/208.html"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-speculative-execution-side-channel-mitigations.pdf"
},
{
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-intel-analysis-of-speculative-execution-side-channels-white-paper.pdf"
},
{
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180521-cpusidechannel"
},
{
"trust": 0.8,
"url": "https://fortiguard.com/psirt/fg-ir-18-002"
},
{
"trust": 0.8,
"url": "https://support.hp.com/us-en/document/c06001626"
},
{
"trust": 0.8,
"url": "http://www.hitachi.com/hirt/publications/hirt-pub18001/"
},
{
"trust": 0.8,
"url": "https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"trust": 0.8,
"url": "https://www.suse.com/support/kb/doc/?id=7022937"
},
{
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_23"
},
{
"trust": 0.8,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/variant4"
},
{
"trust": 0.8,
"url": "https://kb.vmware.com/s/article/54951"
},
{
"trust": 0.8,
"url": "https://aws.amazon.com/security/security-bulletins/aws-2018-015/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2017-5715"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5715"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5753"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5754"
},
{
"trust": 0.2,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/solutions/3307851"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03871en_us"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1066"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1093"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000199"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18257"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5754"
},
{
"trust": 0.1,
"url": "https://meltdownattack.com/"
},
{
"trust": 0.1,
"url": "https://reviews.llvm.org/d41723)"
},
{
"trust": 0.1,
"url": "https://reviews.freebsd.org/d13797."
},
{
"trust": 0.1,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/spectreandmeltdown"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3540-2"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3540-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1011.11"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-111.134~14.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13166"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-a00039267en_us\u003e"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088\u0026langu"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03805en_us"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://developer.arm.com/support/security-update\u003e"
},
{
"trust": 0.1,
"url": "http://www.amd.com/en/corporate/speculative-execution\u003e"
},
{
"trust": 0.1,
"url": "https://newsroom.intel.com/press-kits/security-exploits-intel-products/\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/s/article/52085"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/downloadfusion"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/pubs/fusion_pubs.html"
},
{
"trust": 0.1,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/s/article/1010675"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/52205"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/52198"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?downloadgroup=vc55u3g\u0026productid=35"
},
{
"trust": 0.1,
"url": "https://blogs.vmware.com/security"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5715"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/52127"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?downloadgroup=vc60u3d\u0026productid=49"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/web/vmware/details?productid=614\u0026rpid=20950\u0026downloadg"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/pubs/ws_pubs.html"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/downloadplayer"
},
{
"trust": 0.1,
"url": "https://kb.vmware.com/s/article/52245"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/52206"
},
{
"trust": 0.1,
"url": "https://my.vmware.com/group/vmware/patch"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/policies/lifecycle.html"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/go/downloadworkstation"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/52199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2018:0031"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "VULHUB",
"id": "VHN-113918"
},
{
"db": "PACKETSTORM",
"id": "147454"
},
{
"db": "PACKETSTORM",
"id": "145665"
},
{
"db": "PACKETSTORM",
"id": "145717"
},
{
"db": "PACKETSTORM",
"id": "145769"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "145650"
},
{
"db": "PACKETSTORM",
"id": "145653"
},
{
"db": "PACKETSTORM",
"id": "146002"
},
{
"db": "PACKETSTORM",
"id": "145708"
},
{
"db": "PACKETSTORM",
"id": "146530"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "145800"
},
{
"db": "PACKETSTORM",
"id": "145671"
},
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#180049"
},
{
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"db": "VULHUB",
"id": "VHN-113918"
},
{
"db": "PACKETSTORM",
"id": "147454"
},
{
"db": "PACKETSTORM",
"id": "145665"
},
{
"db": "PACKETSTORM",
"id": "145717"
},
{
"db": "PACKETSTORM",
"id": "145769"
},
{
"db": "PACKETSTORM",
"id": "146017"
},
{
"db": "PACKETSTORM",
"id": "145650"
},
{
"db": "PACKETSTORM",
"id": "145653"
},
{
"db": "PACKETSTORM",
"id": "146002"
},
{
"db": "PACKETSTORM",
"id": "145708"
},
{
"db": "PACKETSTORM",
"id": "146530"
},
{
"db": "PACKETSTORM",
"id": "146026"
},
{
"db": "PACKETSTORM",
"id": "145800"
},
{
"db": "PACKETSTORM",
"id": "145671"
},
{
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-21T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"date": "2018-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-113918"
},
{
"date": "2018-05-03T01:35:46",
"db": "PACKETSTORM",
"id": "147454"
},
{
"date": "2018-01-04T17:53:01",
"db": "PACKETSTORM",
"id": "145665"
},
{
"date": "2018-01-06T18:01:01",
"db": "PACKETSTORM",
"id": "145717"
},
{
"date": "2018-01-09T15:55:55",
"db": "PACKETSTORM",
"id": "145769"
},
{
"date": "2018-01-23T04:32:09",
"db": "PACKETSTORM",
"id": "146017"
},
{
"date": "2018-01-04T17:50:30",
"db": "PACKETSTORM",
"id": "145650"
},
{
"date": "2018-01-04T17:50:56",
"db": "PACKETSTORM",
"id": "145653"
},
{
"date": "2018-01-22T03:09:00",
"db": "PACKETSTORM",
"id": "146002"
},
{
"date": "2018-01-06T17:59:41",
"db": "PACKETSTORM",
"id": "145708"
},
{
"date": "2018-02-22T12:22:00",
"db": "PACKETSTORM",
"id": "146530"
},
{
"date": "2018-01-24T00:28:48",
"db": "PACKETSTORM",
"id": "146026"
},
{
"date": "2018-01-10T00:59:14",
"db": "PACKETSTORM",
"id": "145800"
},
{
"date": "2018-01-05T00:37:02",
"db": "PACKETSTORM",
"id": "145671"
},
{
"date": "2018-01-04T13:29:00.227000",
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-19T00:00:00",
"db": "CERT/CC",
"id": "VU#180049"
},
{
"date": "2018-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00302"
},
{
"date": "2020-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-113918"
},
{
"date": "2021-08-16T09:15:06.987000",
"db": "NVD",
"id": "CVE-2017-5715"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "146017"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#180049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "146026"
}
],
"trust": 0.1
}
}
VAR-202012-1527
Vulnerability from variot - Updated: 2024-07-23 19:19The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A denial of service security issue exists in OpenSSL prior to 1.1.1i. This could
prevent installations to flavors detected as baremetal, which might have
the required capacity to complete the installation. This is usually caused
by OpenStack administrators not setting the appropriate metadata on their
bare metal flavors. Validations are now skipped on flavors detected as
baremetal, to prevent incorrect failures from being reported.
(BZ#1889416)
- Previously, there was a broken link on the OperatorHub install page of the web console, which was intended to reference the cluster monitoring documentation. Bugs fixed (https://bugzilla.redhat.com/):
1885442 - Console doesn't load in iOS Safari when using self-signed certificates 1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found 1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console 1888165 - [release 4.6] IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected 1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5 1888717 - Cypress: Fix 'link-name' accesibility violation 1888721 - ovn-masters stuck in crashloop after scale test 1890993 - Selected Capacity is showing wrong size 1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off 1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters 1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName 1891499 - Other machine config pools do not show during update 1891891 - Wrong detail head on network policy detail page. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: openssl-1.0.2k-9.el7_4.src.rpm
x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: openssl-1.0.2k-9.el7_4.src.rpm
ppc64le: openssl-1.0.2k-9.el7_4.ppc64le.rpm openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-devel-1.0.2k-9.el7_4.ppc64le.rpm openssl-libs-1.0.2k-9.el7_4.ppc64le.rpm
x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: openssl-1.0.2k-9.el7_4.src.rpm
x86_64: openssl-1.0.2k-9.el7_4.x86_64.rpm openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-devel-1.0.2k-9.el7_4.i686.rpm openssl-devel-1.0.2k-9.el7_4.x86_64.rpm openssl-libs-1.0.2k-9.el7_4.i686.rpm openssl-libs-1.0.2k-9.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le: openssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm openssl-perl-1.0.2k-9.el7_4.ppc64le.rpm openssl-static-1.0.2k-9.el7_4.ppc64le.rpm
x86_64: openssl-debuginfo-1.0.2k-9.el7_4.i686.rpm openssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm openssl-perl-1.0.2k-9.el7_4.x86_64.rpm openssl-static-1.0.2k-9.el7_4.i686.rpm openssl-static-1.0.2k-9.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
Security Fix(es):
-
crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
-
kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)
-
containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
-
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
-
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - --to option does not work with --credentials-requests flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the create api help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - oc api-resources does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in oc explain
1880787 - No description for Provisioning CRD for oc explain
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations
1885706 - Cypress: Fix 'link-name' accesibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - oc explain localvolumediscovery returns empty description
1887751 - oc explain localvolumediscoveryresult returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses depricated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]:make checkbroken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 -oc adm release mirrorpanic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service accout issuer
1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesnt set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewalll with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent to generate install-confing.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accesible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overriden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 -Active alertssection throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipleine creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stucking in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describingignore-volume-azis incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Showkubectl diff command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in theoc rollback -hhelp page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port infrom dockerfileflow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information foroc new-project --skip-config-writeis wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources showsundefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprectaed templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image shoult not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
- References:
https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
- This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages that are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
- ========================================================================== Ubuntu Security Notice USN-4662-1 December 08, 2020
openssl, openssl1.0 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
OpenSSL could be made to crash if it processed specially crafted input.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.1
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.1
Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.5 libssl1.1 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.18
After a standard system update you need to reboot your computer to make all the necessary changes. 7) - aarch64, ppc64le, s390x
This issue was reported to OpenSSL on 9th November 2020 by David Benjamin (Google). Initial analysis was performed by David Benjamin with additional analysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell.
Note
OpenSSL 1.0.2 is out of support and no longer receiving public updates.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20201208.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.22"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2x"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "scz8.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "ef600a",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications subscriber-aware load balancer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.20.1"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.3"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "manageability software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.23.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.4"
},
{
"model": "communications diameter intelligence hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"model": "nessus network monitor",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "communications subscriber-aware load balancer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "communications subscriber-aware load balancer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "communications diameter intelligence hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.4"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session router",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.60.3"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1i"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "pcz3.3"
},
{
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "communications diameter intelligence hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.3"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.32"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "pcz3.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.5.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.22"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.9.0.0.0"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "aff a250",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.2"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "cz8.4"
},
{
"model": "communications diameter intelligence hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "pcz3.1"
},
{
"model": "hitachi ops center analyzer viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "note that, 1.1.0 is no longer supported has not been evaluated for this vulnerability."
},
{
"model": "jp1/base",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/automatic job management system 3",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.2x",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.1i",
"versionStartIncluding": "1.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.22",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_session_manager:scz8.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:cz8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.22",
"versionStartIncluding": "8.0.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.32",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.3",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.60.3",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:ef600a_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:ef600a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:aff_a250_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:aff_a250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.0.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.13.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.12.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.5.0",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.15.4",
"versionStartIncluding": "14.15.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.20.1",
"versionStartIncluding": "12.13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.23.1",
"versionStartIncluding": "10.13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "160654"
},
{
"db": "PACKETSTORM",
"id": "160644"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161382"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "160651"
}
],
"trust": 0.7
},
"cve": "CVE-2020-1971",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-1971",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-173115",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-1971",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-1971",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-173115",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-1971",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL\u0027s s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL\u0027s parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). OpenSSL Project Than, OpenSSL Security Advisory [08 December 2020] Has been published. Severity - high (Severity: High)EDIPARTYNAME NULL pointer reference - CVE-2020-1971OpenSSL of GENERAL_NAME_cmp() the function is X.509 This function compares data such as the host name included in the certificate. GENERAL_NAME_cmp() Both arguments to be compared in the function are EDIPartyName If it was of type GENERAL_NAME_cmp() in a function NULL pointer reference (CWE-476) may occur and crash the server or client application calling the function.Crafted X.509 Denial of service by performing certificate verification processing (DoS) You may be attacked. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. A denial of service security issue exists in OpenSSL prior to 1.1.1i. This could\nprevent installations to flavors detected as `baremetal`, which might have\nthe required capacity to complete the installation. This is usually caused\nby OpenStack administrators not setting the appropriate metadata on their\nbare metal flavors. Validations are now skipped on flavors detected as\n`baremetal`, to prevent incorrect failures from being reported. \n(BZ#1889416)\n\n* Previously, there was a broken link on the OperatorHub install page of\nthe web console, which was intended to reference the cluster monitoring\ndocumentation. Bugs fixed (https://bugzilla.redhat.com/):\n\n1885442 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885946 - console-master-e2e-gcp-console test periodically fail due to no Alerts found\n1887551 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1888165 - [release 4.6] IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1888650 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888717 - Cypress: Fix \u0027link-name\u0027 accesibility violation\n1888721 - ovn-masters stuck in crashloop after scale test\n1890993 - Selected Capacity is showing wrong size\n1890994 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1891427 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1891454 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1891499 - Other machine config pools do not show during update\n1891891 - Wrong detail head on network policy detail page. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nopenssl-1.0.2k-9.el7_4.src.rpm\n\nx86_64:\nopenssl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-devel-1.0.2k-9.el7_4.i686.rpm\nopenssl-devel-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-libs-1.0.2k-9.el7_4.i686.rpm\nopenssl-libs-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nopenssl-1.0.2k-9.el7_4.src.rpm\n\nppc64le:\nopenssl-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-devel-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-libs-1.0.2k-9.el7_4.ppc64le.rpm\n\nx86_64:\nopenssl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-devel-1.0.2k-9.el7_4.i686.rpm\nopenssl-devel-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-libs-1.0.2k-9.el7_4.i686.rpm\nopenssl-libs-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nopenssl-1.0.2k-9.el7_4.src.rpm\n\nx86_64:\nopenssl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-devel-1.0.2k-9.el7_4.i686.rpm\nopenssl-devel-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-libs-1.0.2k-9.el7_4.i686.rpm\nopenssl-libs-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-perl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-static-1.0.2k-9.el7_4.i686.rpm\nopenssl-static-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nopenssl-debuginfo-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-perl-1.0.2k-9.el7_4.ppc64le.rpm\nopenssl-static-1.0.2k-9.el7_4.ppc64le.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-9.el7_4.i686.rpm\nopenssl-debuginfo-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-perl-1.0.2k-9.el7_4.x86_64.rpm\nopenssl-static-1.0.2k-9.el7_4.i686.rpm\nopenssl-static-1.0.2k-9.el7_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:5633-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5633\nIssue date: 2021-02-24\nCVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error : the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress: Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress: Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress: Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\" \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe Translation of \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]: Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs. RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027 to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation] fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 6 packages\nthat are part of the JBoss Core Services offering. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. ==========================================================================\nUbuntu Security Notice USN-4662-1\nDecember 08, 2020\n\nopenssl, openssl1.0 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it processed specially crafted input. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.1\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n libssl1.0.0 1.0.2n-1ubuntu5.5\n libssl1.1 1.1.1-1ubuntu2.1~18.04.7\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.18\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. 7) - aarch64, ppc64le, s390x\n\n3. \n\nThis issue was reported to OpenSSL on 9th November 2020 by David Benjamin\n(Google). Initial analysis was performed by David Benjamin with additional\nanalysis by Matt Caswell (OpenSSL). The fix was developed by Matt Caswell. \n\nNote\n====\n\nOpenSSL 1.0.2 is out of support and no longer receiving public updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20201208.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1971"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"db": "PACKETSTORM",
"id": "160654"
},
{
"db": "PACKETSTORM",
"id": "160644"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161382"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "160651"
},
{
"db": "PACKETSTORM",
"id": "169642"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1971",
"trust": 3.7
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2020-11",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/14/2",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44676",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU91053554",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90348129",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-02",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-336-06",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160644",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161382",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160654",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160651",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160414",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161003",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161525",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160499",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161379",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161004",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161387",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160638",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160569",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160704",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161389",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160523",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160639",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161011",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160882",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-173115",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-1971",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161546",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169642",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "PACKETSTORM",
"id": "160654"
},
{
"db": "PACKETSTORM",
"id": "160644"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161382"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "160651"
},
{
"db": "PACKETSTORM",
"id": "169642"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"id": "VAR-202012-1527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
}
],
"trust": 0.44999999999999996
},
"last_update_date": "2024-07-23T19:19:40.435000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-126",
"trust": 0.8,
"url": "https://github.com/openssl/openssl/commit/f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"title": "Red Hat: Low: Red Hat JBoss Web Server 3.1 Service Pack 11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210491 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205422 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210056 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205640 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205639 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205642 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205588 - security advisory"
},
{
"title": "Red Hat: Low: Red Hat JBoss Web Server 3.1 Service Pack 11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210489 - security advisory"
},
{
"title": "Red Hat: Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210488 - security advisory"
},
{
"title": "Red Hat: Low: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210486 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205637 - security advisory"
},
{
"title": "Red Hat: Important: openssl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205476 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205566 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205641 - security advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205623 - security advisory"
},
{
"title": "Debian Security Advisories: DSA-4807-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3bd12ad190825227a63dd6fa019b384e"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1456",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1456"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210494 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Web Server 5.4.1 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210495 - security advisory"
},
{
"title": "Arch Linux Advisories: [ASA-202012-24] openssl: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202012-24"
},
{
"title": "IBM: Security Bulletin: Vulnerability in Fabric OS used by IBM b-type SAN directors and switches.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d1909a4b2d683c22ce1b861676950187"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1573",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1573"
},
{
"title": "IBM: Security Bulletin: z/TPF is affected by an OpenSSL vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=96f04546c2e8544a0cc0bdb9c9cff51b"
},
{
"title": "IBM: Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=280f45996e27a28446f71e76b35820ac"
},
{
"title": "IBM: Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a denial of service vulnerability (CVE-2020-1971)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ceec38a4be2281800c7fde6f0ec38787"
},
{
"title": "Red Hat: Important: Red Hat Ceph Storage 4.2 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210083 - security advisory"
},
{
"title": "IBM: Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data \u00e2\u20ac\u201c OpenSSL",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c6da717c9ae4244c7a1befa91a3a66b0"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-1971 log"
},
{
"title": "Red Hat: Moderate: OpenShift Virtualization 2.5.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210187 - security advisory"
},
{
"title": "IBM: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2020-1971, CVE-2021-23840, CVE-2021-23841)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a027ad7ae5a4bc5a118b5baf7f42aa8c"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.6.9 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205614 - security advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8cc5ff875578b52e2a6a6ad258f01034"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.12 extras and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210039 - security advisory"
},
{
"title": "IBM: Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=eddc867c302ff9f5218add2962e3491b"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1/Automatic Job Management System 3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-116"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-11"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.12 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210037 - security advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Agent 8.2.2 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-13"
},
{
"title": "Tenable Security Advisories: [R1] Nessus 8.13.1 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2020-12"
},
{
"title": "Red Hat: Moderate: Release of OpenShift Serverless 1.12.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210146 - security advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-119"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-09"
},
{
"title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2021-10"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2023-126"
},
{
"title": "Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210050 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210190 - security advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210436 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "CVE-2020-1971",
"trust": 0.1,
"url": "https://github.com/mbhudson/cve-2020-1971 "
},
{
"title": "tools",
"trust": 0.1,
"url": "https://github.com/scott-leung/tools "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 1.2,
"url": "https://www.openssl.org/news/secadv/20201208.txt"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44676"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20201218-0005/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2020/dsa-4807"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-20:33.openssl.asc"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202012-13"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91053554"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90348129/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2020/at200048.html"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-02"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-16166"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pwpssznzobju2yr6z4tghxkyw3yp5qg7/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dgsi34y5lq5ryxn4m2i5zqt65lfvdouu/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5614"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19072"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8649"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12655"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13249"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20054"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19602"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15917"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14381"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19533"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16167"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9455"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19063"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1c"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4662-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5642"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/support/contracts.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "PACKETSTORM",
"id": "160654"
},
{
"db": "PACKETSTORM",
"id": "160644"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161382"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "160651"
},
{
"db": "PACKETSTORM",
"id": "169642"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-173115"
},
{
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"db": "PACKETSTORM",
"id": "160654"
},
{
"db": "PACKETSTORM",
"id": "160644"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "161382"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "160414"
},
{
"db": "PACKETSTORM",
"id": "160651"
},
{
"db": "PACKETSTORM",
"id": "169642"
},
{
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-173115"
},
{
"date": "2020-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"date": "2020-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"date": "2020-12-21T20:24:33",
"db": "PACKETSTORM",
"id": "160654"
},
{
"date": "2020-12-21T17:38:24",
"db": "PACKETSTORM",
"id": "160644"
},
{
"date": "2021-02-25T15:29:25",
"db": "PACKETSTORM",
"id": "161546"
},
{
"date": "2021-03-09T16:25:11",
"db": "PACKETSTORM",
"id": "161727"
},
{
"date": "2021-02-11T15:19:41",
"db": "PACKETSTORM",
"id": "161382"
},
{
"date": "2021-04-09T15:06:13",
"db": "PACKETSTORM",
"id": "162142"
},
{
"date": "2020-12-09T16:09:14",
"db": "PACKETSTORM",
"id": "160414"
},
{
"date": "2020-12-21T20:17:29",
"db": "PACKETSTORM",
"id": "160651"
},
{
"date": "2020-12-08T12:12:12",
"db": "PACKETSTORM",
"id": "169642"
},
{
"date": "2020-12-08T16:15:11.730000",
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-173115"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1971"
},
{
"date": "2024-02-19T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-009865"
},
{
"date": "2024-06-21T19:15:16.170000",
"db": "NVD",
"id": "CVE-2020-1971"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "160414"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer reference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009865"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "161546"
}
],
"trust": 0.1
}
}
VAR-201911-0712
Vulnerability from variot - Updated: 2024-06-07 20:56An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. Linux Kernel Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)
New kernel packages are available for Slackware 14.2 to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.208/: Upgraded. IPV6_MULTIPLE_TABLES n -> y +IPV6_SUBTREES y These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.203: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917 Fixed in 4.4.204: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683 Fixed in 4.4.206: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614 Fixed in 4.4.207: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332 Fixed in 4.4.208: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063 ( Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz
MD5 signatures: +-------------+
Slackware 14.2 packages: ef3ab53561656d90c19389bed7f883ea kernel-generic-4.4.208-i586-1.txz ce33ac504adf47d140c3d9ffbf7589b2 kernel-generic-smp-4.4.208_smp-i686-1.txz 2fb222e279ceacf6e3af294a1cce54e9 kernel-headers-4.4.208_smp-x86-1.txz c237d6708a9d59080deb5a6659d1acf1 kernel-huge-4.4.208-i586-1.txz 29018038f4e0510dfa7e9cdfe69c994a kernel-huge-smp-4.4.208_smp-i686-1.txz 6518395d78e7c7b323bd964dd3b9ed13 kernel-modules-4.4.208-i586-1.txz 440885e37ee410473bf1c9a6b028dd8b kernel-modules-smp-4.4.208_smp-i686-1.txz 969021b83f0cb73d7b745b3d77bdbee0 kernel-source-4.4.208_smp-noarch-1.txz
Slackware x86_64 14.2 packages: d6edb0754c752aaf8fcbd8d4d5bfc30a kernel-generic-4.4.208-x86_64-1.txz 10255231f7085336046b49e829bf972c kernel-headers-4.4.208-x86-1.txz 369fa14fb7f59f1e903402be3ad685e7 kernel-huge-4.4.208-x86_64-1.txz b8c8261fbb6bed66c3ded3aa36e206df kernel-modules-4.4.208-x86_64-1.txz 83f37ca83c19fe8d1a785c93cc1ad6f5 kernel-source-4.4.208-noarch-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2):
/usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash
Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.208-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.208 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting.
If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAl4WVEYACgkQakRjwEAQIjMljgCfTQKeQBRpNgxFhMtrKSwy0afq emEAoI4MwPctKJAsQZyfhUymhvQ6bWUh =xnPY -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-4287-2 February 18, 2020
linux-azure vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. (CVE-2019-14615)
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15099)
It was discovered that the HSA Linux kernel driver for AMD GPU devices did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. (CVE-2019-16229)
It was discovered that the Marvell 8xxx Libertas WLAN device driver in the Linux kernel did not properly check for errors in certain situations, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. (CVE-2019-18683)
It was discovered that the Renesas Digital Radio Interface (DRIF) driver in the Linux kernel did not properly initialize data. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-18786)
It was discovered that the Afatech AF9005 DVB-T USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-18809)
It was discovered that the btrfs file system in the Linux kernel did not properly validate metadata, leading to a NULL pointer dereference. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19063)
It was discovered that the RSI 91x WLAN device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19071)
It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19078)
It was discovered that the AMD GPU device drivers in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to possibly cause a denial of service (kernel memory exhaustion). (CVE-2019-19082)
Dan Carpenter discovered that the AppleTalk networking subsystem of the Linux kernel did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle ioctl requests to get emulated CPUID features. An attacker with access to /dev/kvm could use this to cause a denial of service (system crash). An attacker could use this to specially craft an ext4 file system that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19767)
Gao Chuan discovered that the SAS Class driver in the Linux kernel contained a race condition that could lead to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19965)
It was discovered that the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel did not properly deallocate memory in certain error conditions. An attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-20096)
Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel when used as an access point would send IAPP location updates for stations before client authentication had completed. A physically proximate attacker could use this to cause a denial of service. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-7053)
It was discovered that the B2C2 FlexCop USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1 linux-image-azure 4.15.0.1069.55
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4287-2 https://usn.ubuntu.com/4287-1 CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229, CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809, CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063, CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227, CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096, CVE-2019-5108, CVE-2020-7053
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "data availability services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h610s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.204"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.3.14"
},
{
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.1"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.157"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.4"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.87"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.204"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "3.18"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "kernel",
"scope": "lte",
"trust": 0.8,
"vendor": "linux",
"version": "5.3.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.3.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "156110"
},
{
"db": "PACKETSTORM",
"id": "156422"
},
{
"db": "PACKETSTORM",
"id": "156427"
},
{
"db": "PACKETSTORM",
"id": "156418"
},
{
"db": "PACKETSTORM",
"id": "156125"
},
{
"db": "PACKETSTORM",
"id": "156124"
}
],
"trust": 0.6
},
"cve": "CVE-2019-18683",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-18683",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18683",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18683",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-18683",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
},
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. Linux Kernel Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] Slackware 14.2 kernel (SSA:2020-008-01)\n\nNew kernel packages are available for Slackware 14.2 to fix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/linux-4.4.208/*: Upgraded. \n IPV6_MULTIPLE_TABLES n -\u003e y\n +IPV6_SUBTREES y\n These updates fix various bugs and security issues. \n Be sure to upgrade your initrd after upgrading the kernel packages. \n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader. \n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition. \n For more information, see:\n Fixed in 4.4.203:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917\n Fixed in 4.4.204:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683\n Fixed in 4.4.206:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614\n Fixed in 4.4.207:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332\n Fixed in 4.4.208:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\nef3ab53561656d90c19389bed7f883ea kernel-generic-4.4.208-i586-1.txz\nce33ac504adf47d140c3d9ffbf7589b2 kernel-generic-smp-4.4.208_smp-i686-1.txz\n2fb222e279ceacf6e3af294a1cce54e9 kernel-headers-4.4.208_smp-x86-1.txz\nc237d6708a9d59080deb5a6659d1acf1 kernel-huge-4.4.208-i586-1.txz\n29018038f4e0510dfa7e9cdfe69c994a kernel-huge-smp-4.4.208_smp-i686-1.txz\n6518395d78e7c7b323bd964dd3b9ed13 kernel-modules-4.4.208-i586-1.txz\n440885e37ee410473bf1c9a6b028dd8b kernel-modules-smp-4.4.208_smp-i686-1.txz\n969021b83f0cb73d7b745b3d77bdbee0 kernel-source-4.4.208_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\nd6edb0754c752aaf8fcbd8d4d5bfc30a kernel-generic-4.4.208-x86_64-1.txz\n10255231f7085336046b49e829bf972c kernel-headers-4.4.208-x86-1.txz\n369fa14fb7f59f1e903402be3ad685e7 kernel-huge-4.4.208-x86_64-1.txz\nb8c8261fbb6bed66c3ded3aa36e206df kernel-modules-4.4.208-x86_64-1.txz\n83f37ca83c19fe8d1a785c93cc1ad6f5 kernel-source-4.4.208-noarch-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg kernel-*.txz\n\nIf you are using an initrd, you\u0027ll need to rebuild it. \n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren\u0027t sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.208-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.208 as the version. \n\nIf you are using lilo or elilo to boot the machine, you\u0027ll need to ensure\nthat the machine is properly prepared before rebooting. \n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou\u0027ll need to run \"lilo\" as root to reinstall the boot loader. \n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAl4WVEYACgkQakRjwEAQIjMljgCfTQKeQBRpNgxFhMtrKSwy0afq\nemEAoI4MwPctKJAsQZyfhUymhvQ6bWUh\n=xnPY\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-4287-2\nFebruary 18, 2020\n\nlinux-azure vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n\nDetails:\n\nUSN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM. \n\nIt was discovered that the Linux kernel did not properly clear data\nstructures on context switches for certain Intel graphics processors. A\nlocal attacker could use this to expose sensitive information. \n(CVE-2019-14615)\n\nIt was discovered that the Atheros 802.11ac wireless USB device driver in\nthe Linux kernel did not properly validate device metadata. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-15099)\n\nIt was discovered that the HSA Linux kernel driver for AMD GPU devices did\nnot properly check for errors in certain situations, leading to a NULL\npointer dereference. A local attacker could possibly use this to cause a\ndenial of service. (CVE-2019-16229)\n\nIt was discovered that the Marvell 8xxx Libertas WLAN device driver in the\nLinux kernel did not properly check for errors in certain situations,\nleading to a NULL pointer dereference. A local attacker could possibly use\nthis to cause a denial of service. An attacker with write access to /dev/video0 on\na system with the vivid module loaded could possibly use this to gain\nadministrative privileges. (CVE-2019-18683)\n\nIt was discovered that the Renesas Digital Radio Interface (DRIF) driver in\nthe Linux kernel did not properly initialize data. A local attacker could\npossibly use this to expose sensitive information (kernel memory). \n(CVE-2019-18786)\n\nIt was discovered that the Afatech AF9005 DVB-T USB device driver in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-18809)\n\nIt was discovered that the btrfs file system in the Linux kernel did not\nproperly validate metadata, leading to a NULL pointer dereference. An\nattacker could use this to specially craft a file system image that, when\nmounted, could cause a denial of service (system crash). A local attacker could possibly use this to\ncause a denial of service (kernel memory exhaustion). (CVE-2019-19057)\n\nIt was discovered that the crypto subsystem in the Linux kernel did not\nproperly deallocate memory in certain error conditions. A local attacker\ncould use this to cause a denial of service (kernel memory exhaustion). \n(CVE-2019-19062)\n\nIt was discovered that the Realtek rtlwifi USB device driver in the Linux\nkernel did not properly deallocate memory in certain error conditions. A\nlocal attacker could possibly use this to cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19063)\n\nIt was discovered that the RSI 91x WLAN device driver in the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19071)\n\nIt was discovered that the Atheros 802.11ac wireless USB device driver in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could possibly use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19078)\n\nIt was discovered that the AMD GPU device drivers in the Linux kernel did\nnot properly deallocate memory in certain error conditions. A local\nattacker could use this to possibly cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19082)\n\nDan Carpenter discovered that the AppleTalk networking subsystem of the\nLinux kernel did not properly handle certain error conditions, leading to a\nNULL pointer dereference. A local attacker could use this to cause a denial\nof service (system crash). (CVE-2019-19227)\n\nIt was discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly handle ioctl requests to get emulated CPUID\nfeatures. An attacker with access to /dev/kvm could use this to cause a\ndenial of service (system crash). An attacker could use\nthis to specially craft an ext4 file system that, when mounted, could cause\na denial of service (system crash) or possibly execute arbitrary code. \n(CVE-2019-19767)\n\nGao Chuan discovered that the SAS Class driver in the Linux kernel\ncontained a race condition that could lead to a NULL pointer dereference. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-19965)\n\nIt was discovered that the Datagram Congestion Control Protocol (DCCP)\nimplementation in the Linux kernel did not properly deallocate memory in\ncertain error conditions. An attacker could possibly use this to cause a\ndenial of service (kernel memory exhaustion). (CVE-2019-20096)\n\nMitchell Frank discovered that the Wi-Fi implementation in the Linux kernel\nwhen used as an access point would send IAPP location updates for stations\nbefore client authentication had completed. A physically proximate attacker\ncould use this to cause a denial of service. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2020-7053)\n\nIt was discovered that the B2C2 FlexCop USB device driver in the Linux\nkernel did not properly validate device metadata. A physically proximate\nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-15291)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1\n linux-image-azure 4.15.0.1069.55\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4287-2\n https://usn.ubuntu.com/4287-1\n CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229,\n CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809,\n CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063,\n CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227,\n CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096,\n CVE-2019-5108, CVE-2020-7053\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"db": "PACKETSTORM",
"id": "156110"
},
{
"db": "PACKETSTORM",
"id": "155890"
},
{
"db": "PACKETSTORM",
"id": "156422"
},
{
"db": "PACKETSTORM",
"id": "156427"
},
{
"db": "PACKETSTORM",
"id": "156418"
},
{
"db": "PACKETSTORM",
"id": "156125"
},
{
"db": "PACKETSTORM",
"id": "156124"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18683",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "155890",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/11/05/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/11/02/1",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156427",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156125",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1745",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1745.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4584",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4793",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0851",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0305",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0572",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4704",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0830",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4346.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0572.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0141",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-18683",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156110",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156422",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156418",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "PACKETSTORM",
"id": "156110"
},
{
"db": "PACKETSTORM",
"id": "155890"
},
{
"db": "PACKETSTORM",
"id": "156422"
},
{
"db": "PACKETSTORM",
"id": "156427"
},
{
"db": "PACKETSTORM",
"id": "156418"
},
{
"db": "PACKETSTORM",
"id": "156125"
},
{
"db": "PACKETSTORM",
"id": "156124"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
},
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"id": "VAR-201911-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-06-07T20:56:30.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linux Kernel Archives",
"trust": 0.8,
"url": "http://www.kernel.org"
},
{
"title": "[PATCH v4 1/1] media: vivid: Fix wrong locking that causes race conditions on streaming stop",
"trust": 0.8,
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/"
},
{
"title": "Linux kernel Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102033"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4254-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4254-2"
},
{
"title": "Ubuntu Security Notice: linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4258-1"
},
{
"title": "Ubuntu Security Notice: linux-azure vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4287-2"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4284-1"
},
{
"title": "Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4287-1"
},
{
"title": "Linux kernel Exploitation tutorials \u0026 Practice\nTracing the Kernel\nKernel Bugs, vulnerabilities and exploitation techniques\nLinux Kernel Exploitation cve PoC/writeups \u0026 guides\nTalks from conferences (videos)\nMajor changes to source code\nAdditional Out of context resources\nSource code structs \u0026 fields of interest\nThe backyard/garage of the Linux kernel docs\nLinux internals\nVirtual memory areas datastructures (VMA)\nPage Tables and Process Memory internals \u0026 exploits\nVarious open source tools\nIn Chromium\nAndroid\nblogs\nMitigations",
"trust": 0.1,
"url": "https://github.com/idanbanani/linux-kernel-vr-exploitation "
},
{
"title": "linux-kernel-exploits",
"trust": 0.1,
"url": "https://github.com/de4dcr0w/linux-kernel-eop-exp "
},
{
"title": "Linux Kernel Exploitation",
"trust": 0.1,
"url": "https://github.com/tamilhackz/linux-kernel-exploitation "
},
{
"title": "Linux Kernel Exploitation",
"trust": 0.1,
"url": "https://github.com/khanhdz191/linux-kernel-exploitation "
},
{
"title": "Linux Kernel Exploitation",
"trust": 0.1,
"url": "https://github.com/xairy/linux-kernel-exploitation "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/0xt11/cve-poc "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.8
},
{
"problemtype": "CWE-416",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4254-1/"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/155890/slackware-security-advisory-slackware-14.2-kernel-updates.html"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4254-2/"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4258-1/"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4287-1/"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4287-2/"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4284-1/"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18683"
},
{
"trust": 1.7,
"url": "https://www.openwall.com/lists/oss-security/2019/11/02/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/11/05/1"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20191205-0001/"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2020/jan/10"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
},
{
"trust": 1.1,
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com/"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18683"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15291"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19332"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19227"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19063"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19057"
},
{
"trust": 0.6,
"url": "https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov@linux.com/"
},
{
"trust": 0.6,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4286-2/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4286-1/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4285-1/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193381-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4255-2/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4253-2/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4255-1/"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/4253-1/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193316-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193317-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156427/ubuntu-security-notice-usn-4287-2.html"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/pixel/2020-06-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4704/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0766/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0305/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4793/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0572.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0851/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1745.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4584/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0830/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156125/ubuntu-security-notice-usn-4258-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0572/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0141/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-drivers-media-platform-vivid-31091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1745/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4346.2/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18885"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19062"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15099"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19078"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19071"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19767"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19082"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19965"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16229"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16232"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18786"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4254-1"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4287-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20096"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7053"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5108"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19077"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19050"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19252"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2019/q4/43"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-173.203"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1128.137"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1101.112"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1132.140"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1065.72"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19524"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18660"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19063"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15291"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19338"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15917"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19057"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19227"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19062"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19338"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19524"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1072.79"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1053.53"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1071.76"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1060.62"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-88.88~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1052.55"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1055.59"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1055.59"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1060.62~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1033.36"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-88.88"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4287-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1009.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.3/5.3.0-1013.14~18.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4284-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.3.0-40.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1012.13"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19947"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1012.13~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-40.32~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1018.20~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1018.20"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1011.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19602"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1010.11"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1024.27~18.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19079"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4258-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1010.15~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1029.30~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1029.30~18.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4254-2"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "PACKETSTORM",
"id": "156110"
},
{
"db": "PACKETSTORM",
"id": "155890"
},
{
"db": "PACKETSTORM",
"id": "156422"
},
{
"db": "PACKETSTORM",
"id": "156427"
},
{
"db": "PACKETSTORM",
"id": "156418"
},
{
"db": "PACKETSTORM",
"id": "156125"
},
{
"db": "PACKETSTORM",
"id": "156124"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
},
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"db": "PACKETSTORM",
"id": "156110"
},
{
"db": "PACKETSTORM",
"id": "155890"
},
{
"db": "PACKETSTORM",
"id": "156422"
},
{
"db": "PACKETSTORM",
"id": "156427"
},
{
"db": "PACKETSTORM",
"id": "156418"
},
{
"db": "PACKETSTORM",
"id": "156125"
},
{
"db": "PACKETSTORM",
"id": "156124"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
},
{
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"date": "2020-01-28T15:44:44",
"db": "PACKETSTORM",
"id": "156110"
},
{
"date": "2020-01-09T15:06:22",
"db": "PACKETSTORM",
"id": "155890"
},
{
"date": "2020-02-19T15:27:54",
"db": "PACKETSTORM",
"id": "156422"
},
{
"date": "2020-02-19T15:35:02",
"db": "PACKETSTORM",
"id": "156427"
},
{
"date": "2020-02-19T15:25:33",
"db": "PACKETSTORM",
"id": "156418"
},
{
"date": "2020-01-29T17:15:10",
"db": "PACKETSTORM",
"id": "156125"
},
{
"date": "2020-01-29T17:15:05",
"db": "PACKETSTORM",
"id": "156124"
},
{
"date": "2019-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-066"
},
{
"date": "2019-11-04T16:15:11.327000",
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-18683"
},
{
"date": "2019-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011718"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-066"
},
{
"date": "2024-06-07T13:55:43.110000",
"db": "NVD",
"id": "CVE-2019-18683"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "156110"
},
{
"db": "PACKETSTORM",
"id": "156422"
},
{
"db": "PACKETSTORM",
"id": "156427"
},
{
"db": "PACKETSTORM",
"id": "156418"
},
{
"db": "PACKETSTORM",
"id": "156124"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
}
],
"trust": 1.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux Kernel Race condition vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011718"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-066"
}
],
"trust": 0.6
}
}
VAR-202206-1962
Vulnerability from variot - Updated: 2024-03-27 21:37A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com can set cookies that also would match for bar.example.com, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5495-1
June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5495-1 CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19 . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1962",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.71.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc626-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc-622-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.84.0",
"versionStartIncluding": "7.71.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167607"
}
],
"trust": 0.1
},
"cve": "CVE-2022-32205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-32205",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-424132",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-32205",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-32205",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-424132",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-32205",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen discovered that curl incorrectly handled certain cookies. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5495-1\n CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3\n https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12\n https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32205",
"trust": 3.7
},
{
"db": "HACKERONE",
"id": "1569946",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-333517",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-18",
"trust": 0.9
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91561630",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99752892",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-12",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-075-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-424132",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"id": "VAR-202206-1962",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
}
],
"trust": 0.6383838399999999
},
"last_update_date": "2024-03-27T21:37:32.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-333517",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"title": "curl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=198519"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5495-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-32205"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-32205"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1875",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1875"
},
{
"title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-206",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-206"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-145",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-145"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-32205 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/holmes-py/reports-summary "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://hackerone.com/reports/1569946"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91561630"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99752892"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32205/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-set-cookie-38670"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424132"
},
{
"date": "2022-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"date": "2022-06-28T15:26:16",
"db": "PACKETSTORM",
"id": "167607"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-19T13:48:31",
"db": "PACKETSTORM",
"id": "170303"
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"date": "2022-07-07T13:15:08.277000",
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-424132"
},
{
"date": "2023-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"date": "2023-09-26T06:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"date": "2024-03-27T15:01:05.383000",
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in resource allocation without restrictions or throttling in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
}
],
"trust": 0.6
}
}
VAR-202206-1963
Vulnerability from variot - Updated: 2024-03-27 20:05When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. curl There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6157-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6157 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ==================================================================== 1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: HTTP compression denial of service (CVE-2022-32206)
-
curl: Unpreserved file permissions (CVE-2022-32207)
-
curl: FTP-KRB bad message verification (CVE-2022-32208)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le: curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x: curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-devel-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64: curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.5.i686.rpm curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-devel-7.76.1-14.el9_0.5.i686.rpm libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: curl-7.76.1-14.el9_0.5.src.rpm
aarch64: curl-7.76.1-14.el9_0.5.aarch64.rpm curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-7.76.1-14.el9_0.5.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le: curl-7.76.1-14.el9_0.5.ppc64le.rpm curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x: curl-7.76.1-14.el9_0.5.s390x.rpm curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-7.76.1-14.el9_0.5.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64: curl-7.76.1-14.el9_0.5.x86_64.rpm curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.5.i686.rpm curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-7.76.1-14.el9_0.5.i686.rpm libcurl-7.76.1-14.el9_0.5.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p dru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL MCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1 OOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp Y5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5 fSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B vstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR P5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q WR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8 zLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj haaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB pl2iagecnP0=fQUi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1963",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.69.0"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.84.0",
"versionStartIncluding": "7.69.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
}
],
"trust": 0.3
},
"cve": "CVE-2022-32207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-32207",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-424134",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32207",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-32207",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2569",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-424134",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-32207",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. curl There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: curl security update\nAdvisory ID: RHSA-2022:6157-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6157\nIssue date: 2022-08-24\nCVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\ncurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\ncurl-7.76.1-14.el9_0.5.src.rpm\n\naarch64:\ncurl-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\n\nx86_64:\ncurl-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p\ndru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL\nMCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1\nOOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp\nY5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5\nfSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B\nvstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR\nP5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q\nWR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8\nzLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj\nhaaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB\npl2iagecnP0=fQUi\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32207",
"trust": 4.0
},
{
"db": "HACKERONE",
"id": "1573634",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95292697",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99752892",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-12",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-075-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-194-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-424134",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32207",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"id": "VAR-202206-1963",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
}
],
"trust": 0.01
},
"last_update_date": "2024-03-27T20:05:24.756000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"title": "curl Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=199973"
},
{
"title": "Red Hat: Moderate: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226157 - security advisory"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5495-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-32207"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-32207"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228840 - security advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20228841 - security advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1875",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2022-1875"
},
{
"title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-206",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-206"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-145",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-145"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-32207 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://hackerone.com/reports/1573634"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99752892"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95292697"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-privilege-escalation-via-cookies-alt-svc-hsts-file-permissions-38672"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32207/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:6157"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424134"
},
{
"date": "2022-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"date": "2022-06-28T15:26:16",
"db": "PACKETSTORM",
"id": "167607"
},
{
"date": "2022-08-25T15:27:31",
"db": "PACKETSTORM",
"id": "168174"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-08T21:28:44",
"db": "PACKETSTORM",
"id": "170166"
},
{
"date": "2022-12-19T13:48:31",
"db": "PACKETSTORM",
"id": "170303"
},
{
"date": "2022-12-08T21:28:21",
"db": "PACKETSTORM",
"id": "170165"
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"date": "2022-07-07T13:15:08.403000",
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-424134"
},
{
"date": "2023-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"date": "2023-09-26T06:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"date": "2024-03-27T15:00:46.637000",
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability regarding improper default permissions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
}
],
"trust": 0.6
}
}
VAR-202104-0328
Vulnerability from variot - Updated: 2024-03-27 19:39curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. curl Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-36
https://security.gentoo.org/
Severity: High Title: cURL: Multiple vulnerabilities Date: May 26, 2021 Bugs: #779535, #792192 ID: 202105-36
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.77.0 >= 7.77.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.77.0"
References
[ 1 ] CVE-2021-22876 https://nvd.nist.gov/vuln/detail/CVE-2021-22876 [ 2 ] CVE-2021-22890 https://nvd.nist.gov/vuln/detail/CVE-2021-22890 [ 3 ] CVE-2021-22898 https://nvd.nist.gov/vuln/detail/CVE-2021-22898 [ 4 ] CVE-2021-22901 https://nvd.nist.gov/vuln/detail/CVE-2021-22901
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-36
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update Advisory ID: RHSA-2021:2471-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471 Issue date: 2021-06-17 CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618 =====================================================================
- Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
-
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
-
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request
- References:
https://access.redhat.com/security/cve/CVE-2020-8169 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22890 https://access.redhat.com/security/cve/CVE-2021-22901 https://access.redhat.com/security/cve/CVE-2021-31618 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe Ki6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol 2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP 3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd kUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx 61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd 3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG 1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ POl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2 iFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z 7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H butyhmDY1nQ= =gsJD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- ========================================================================== Ubuntu Security Notice USN-4898-1 March 31, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
curl could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: curl 7.68.0-1ubuntu4.3 libcurl3-gnutls 7.68.0-1ubuntu4.3 libcurl3-nss 7.68.0-1ubuntu4.3 libcurl4 7.68.0-1ubuntu4.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.5 libcurl3-gnutls 7.68.0-1ubuntu2.5 libcurl3-nss 7.68.0-1ubuntu2.5 libcurl4 7.68.0-1ubuntu2.5
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.13 libcurl3-gnutls 7.58.0-2ubuntu3.13 libcurl3-nss 7.58.0-2ubuntu3.13 libcurl4 7.58.0-2ubuntu3.13
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.19 libcurl3 7.47.0-1ubuntu2.19 libcurl3-gnutls 7.47.0-1ubuntu2.19 libcurl3-nss 7.47.0-1ubuntu2.19
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq
Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163
Multiple vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2020-8169
Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).
CVE-2020-8177
sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.
CVE-2020-8231
Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.
CVE-2020-8284
Varnavas Papaioannou reported that a malicious server could use the
PASV response to trick curl into connecting back to an arbitrary IP
address and port, potentially making curl extract information about
services that are otherwise private and not disclosed.
CVE-2020-8285
xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).
CVE-2020-8286
It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.
CVE-2021-22876
Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "libcurl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.75.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": "- agent"
},
{
"model": "fabric operating system",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": "- agent minimal edition"
},
{
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": "- manager"
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.75.0",
"versionStartIncluding": "7.63.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22890",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22890",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-22890",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1709",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-22890",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. curl Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-36\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: cURL: Multiple vulnerabilities\n Date: May 26, 2021\n Bugs: #779535, #792192\n ID: 202105-36\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.77.0 \u003e= 7.77.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.77.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-22876\n https://nvd.nist.gov/vuln/detail/CVE-2021-22876\n[ 2 ] CVE-2021-22890\n https://nvd.nist.gov/vuln/detail/CVE-2021-22890\n[ 3 ] CVE-2021-22898\n https://nvd.nist.gov/vuln/detail/CVE-2021-22898\n[ 4 ] CVE-2021-22901\n https://nvd.nist.gov/vuln/detail/CVE-2021-22901\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-36\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update\nAdvisory ID: RHSA-2021:2471-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2471\nIssue date: 2021-06-17\nCVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 \n CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 \n CVE-2021-22901 CVE-2021-31618 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8169\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22890\nhttps://access.redhat.com/security/cve/CVE-2021-22901\nhttps://access.redhat.com/security/cve/CVE-2021-31618\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1g\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe\nKi6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol\n2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP\n3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd\nkUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx\n61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd\n3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG\n1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ\nPOl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2\niFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z\n7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H\nbutyhmDY1nQ=\n=gsJD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. ==========================================================================\nUbuntu Security Notice USN-4898-1\nMarch 31, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\ncurl could be made to expose sensitive information over the network. A remote attacker could possibly use this\nissue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could\nuse this issue to bypass certificate checks and intercept communications. \nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. \n(CVE-2021-22890)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n curl 7.68.0-1ubuntu4.3\n libcurl3-gnutls 7.68.0-1ubuntu4.3\n libcurl3-nss 7.68.0-1ubuntu4.3\n libcurl4 7.68.0-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.5\n libcurl3-gnutls 7.68.0-1ubuntu2.5\n libcurl3-nss 7.68.0-1ubuntu2.5\n libcurl4 7.68.0-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.13\n libcurl3-gnutls 7.58.0-2ubuntu3.13\n libcurl3-nss 7.58.0-2ubuntu3.13\n libcurl4 7.58.0-2ubuntu3.13\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.19\n libcurl3 7.47.0-1ubuntu2.19\n libcurl3-gnutls 7.47.0-1ubuntu2.19\n libcurl3-nss 7.47.0-1ubuntu2.19\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMarch 30, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n Marek Szlagor reported that libcurl could be tricked into prepending\n a part of the password to the host name before it resolves it,\n potentially leaking the partial password over the network and to the\n DNS server(s). \n\nCVE-2020-8177\n\n sn reported that curl could be tricked by a malicious server into\n overwriting a local file when using th -J (--remote-header-name) and\n -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n Marc Aldorasi reported that libcurl might use the wrong connection\n when an application using libcurl\u0027s multi API sets the option\n CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8284\n\n Varnavas Papaioannou reported that a malicious server could use the\n PASV response to trick curl into connecting back to an arbitrary IP\n address and port, potentially making curl extract information about\n services that are otherwise private and not disclosed. \n\nCVE-2020-8285\n\n xnynx reported that libcurl could run out of stack space when using\n tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n It was reported that libcurl didn\u0027t verify that an OCSP response\n actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n Viktor Szakats reported that libcurl does not strip off user\n credentials from the URL when automatically populating the Referer\n HTTP request header field in outgoing HTTP requests. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22890",
"trust": 3.0
},
{
"db": "HACKERONE",
"id": "1129529",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162817",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162037",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2168",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1114",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1118",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052711",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062142",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-069-09",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22890",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169015",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"id": "VAR-202104-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-03-27T19:39:03.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-132",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "HAXX libcurl Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=145993"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=070f9241d84352ce262145cf1828f6f7"
},
{
"title": "Red Hat: CVE-2021-22890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-22890"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-22890 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1/Automatic Job Management System 3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-132"
},
{
"title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=b1e904198be8e0726ebde78ffc5fac9a"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "clair-client",
"trust": 0.1,
"url": "https://github.com/indece-official/clair-client "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1129529"
},
{
"trust": 1.7,
"url": "https://curl.se/docs/cve-2021-22890.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-22890"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162037/ubuntu-security-notice-usn-4898-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163193/red-hat-security-advisory-2021-2471-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162817/gentoo-linux-security-advisory-202105-36.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052711"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1118"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1129"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libcurl-man-in-the-middle-via-tls-1-3-session-ticket-proxy-host-mixup-34978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2021-22876-and-cve-2021-22890/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2168"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062142"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22901"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2472"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4898-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"date": "2021-05-26T17:36:11",
"db": "PACKETSTORM",
"id": "162817"
},
{
"date": "2021-06-17T18:01:23",
"db": "PACKETSTORM",
"id": "163193"
},
{
"date": "2021-06-17T18:09:26",
"db": "PACKETSTORM",
"id": "163197"
},
{
"date": "2021-03-31T14:30:52",
"db": "PACKETSTORM",
"id": "162037"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169015"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"date": "2021-04-01T18:15:12.917000",
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"date": "2021-10-05T05:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"date": "2024-03-27T15:47:45.160000",
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Spoofing Authentication Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
],
"trust": 1.2
}
}
VAR-202107-1585
Vulnerability from variot - Updated: 2024-02-20 00:22For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Eclipse Jetty Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat AMQ Broker 7.9.0 release and security update Advisory ID: RHSA-2021:3700-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:3700 Issue date: 2021-09-30 Keywords: amq,messaging,integration,broker CVE Names: CVE-2020-13956 CVE-2020-27223 CVE-2021-3425 CVE-2021-3763 CVE-2021-20289 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVE-2021-29425 CVE-2021-34428 CVE-2021-34429 =====================================================================
- Summary:
Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
-
httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
-
jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223)
-
resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289)
-
netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
-
netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
-
netty: Request smuggling via content-length header (CVE-2021-21409)
-
jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
-
jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)
-
jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)
-
jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)
-
commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
-
broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)
-
jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)
-
jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)
-
broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information 1936629 - CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2000654 - CVE-2021-3763 AMQ Broker 7: Incorrect privilege in Management Console
- References:
https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-27223 https://access.redhat.com/security/cve/CVE-2021-3425 https://access.redhat.com/security/cve/CVE-2021-3763 https://access.redhat.com/security/cve/CVE-2021-20289 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-28163 https://access.redhat.com/security/cve/CVE-2021-28164 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/cve/CVE-2021-28169 https://access.redhat.com/security/cve/CVE-2021-29425 https://access.redhat.com/security/cve/CVE-2021-34428 https://access.redhat.com/security/cve/CVE-2021-34429 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.9.0 https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYVWKK9zjgjWX9erEAQiu0A/+NJe1AtB06jaucFaOVo6/q4A3geYdiNfX aU44bpkaYfOHdYkd2Ec59L3ImNIUCYMxUZIWhNfyUwMKAGxRnj2Q0tzm3O6ZCwcL 3DIVXlJHfrQHN8rZ38rG0bi4l4OnnSV1y2kskqkOITFcv6N0MmyQ8+rzG/m5VHC6 c9IBl0zXGZs+8sXDsXzN7tabdieUmke1FyR1SV/YsR9rnnm1cZJcfJqJcKWeKD0v GMvKjgq6VImt8xAZbaOHWzV3+PfinisPh7XYRabE87EAyMFmy5jWclZrg8UhsaYX DEV2+wis3jgANdAgvNox/7camxSciogKKSTxc8ZTPaok33GeudET5pmVbac9sQsc e/jrTvN+AnHMtGoQQwAHPQH3DMjomzd1vmjV4aI6UfearT0GlkLLMVcn6wp2OQ7w d+yh2QnDGXUHLYCkAcvNVklL8ZGlhxgV9zdhoYVSdiZPXAQNvfCDgNilzMaJKXmF k2sR0BB3wnSG7//dUTbNTbBQw8JpuYesDpUC+JYMWErnFak9MGj0Q+ISfxYE9vC5 LSiCsqNHibsGcA5XpVVvO4q/LM6mwhCozD4WXrCw3xl4n4EWWiTQceF+yYSRtsmn pWcWk56HHAlr5Qs9jRuW90pzyf8X/T9rEmugb62Z7SGSUH/A4xJxLpZJHb4q/whu hBENV2qm+t4= =l+R3 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
Security Fix(es):
-
jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)
-
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
-
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
-
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)
-
log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "snapcenter plug-in",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services crime and compliance management studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.3.0"
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "element plug-in for vcenter server",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.43"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.2"
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.6"
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "9.4.37"
},
{
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"model": "stream analytics",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.6.4"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "11.0.1"
},
{
"model": "rest data services",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0"
},
{
"model": "stream analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "financial services crime and compliance management studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.2.0"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "jetty",
"scope": "gte",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.1"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "jetty",
"scope": "lt",
"trust": 1.0,
"vendor": "eclipse",
"version": "10.0.6"
},
{
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "snapcenter plug-in",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oracle communications cloud native core binding support function",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications cloud native core security edge protection proxy",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "e-series santricity web services",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "element plug-in for vcenter server",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jetty",
"scope": null,
"trust": 0.8,
"vendor": "eclipse",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "snap creator framework",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.6",
"versionStartIncluding": "11.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.6",
"versionStartIncluding": "10.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.4.43",
"versionStartIncluding": "9.4.37",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.5.0.2",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.1.0.0.6.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164346"
},
{
"db": "PACKETSTORM",
"id": "165564"
}
],
"trust": 0.2
},
"cve": "CVE-2021-34429",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-34429",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-394611",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-009832",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-34429",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "emo@eclipse.org",
"id": "CVE-2021-34429",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1094",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-394611",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34429",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394611"
},
{
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Eclipse Jetty Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat AMQ Broker 7.9.0 release and security update\nAdvisory ID: RHSA-2021:3700-01\nProduct: Red Hat JBoss AMQ\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3700\nIssue date: 2021-09-30\nKeywords: amq,messaging,integration,broker\nCVE Names: CVE-2020-13956 CVE-2020-27223 CVE-2021-3425 \n CVE-2021-3763 CVE-2021-20289 CVE-2021-21290 \n CVE-2021-21295 CVE-2021-21409 CVE-2021-28163 \n CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 \n CVE-2021-29425 CVE-2021-34428 CVE-2021-34429 \n=====================================================================\n\n1. Summary:\n\nRed Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red\nHat AMQ Broker 7.8.2, and includes security and bug fixes, and\nenhancements. For further information, refer to the release notes linked to\nin the References section. \n\nSecurity Fix(es):\n\n* httpclient: apache-httpclient: incorrect handling of malformed authority\ncomponent in request URIs (CVE-2020-13956)\n\n* jetty: request containing multiple Accept headers with a large number of\n\"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* resteasy-jaxrs: resteasy: Error message exposes endpoint class\ninformation (CVE-2021-20289)\n\n* netty: Information disclosure via the local system temporary directory\n(CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation\n(CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jetty-server: jetty: Symlink directory exposes webapp directory contents\n(CVE-2021-28163)\n\n* jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty-server: jetty: Resource exhaustion when receiving an invalid large\nTLS frame (CVE-2021-28165)\n\n* jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are\nable to access protected resources within the WEB-INF directory\n(CVE-2021-28169)\n\n* commons-io: apache-commons-io: Limited path traversal in Apache Commons\nIO 2.2 to 2.6 (CVE-2021-29425)\n\n* broker: Red Hat AMQ Broker: discloses JDBC username and password in the\napplication log file (CVE-2021-3425)\n\n* jetty-server: jetty: SessionListener can prevent a session from being\ninvalidated breaking logout (CVE-2021-34428)\n\n* jetty-server: jetty: crafted URIs allow bypassing security constraints\n(CVE-2021-34429)\n\n* broker: AMQ Broker 7: Incorrect privilege in Management Console\n(CVE-2021-3763)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS\n1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information\n1936629 - CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents\n1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF\n1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame\n1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6\n1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory\n1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout\n1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints\n2000654 - CVE-2021-3763 AMQ Broker 7: Incorrect privilege in Management Console\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13956\nhttps://access.redhat.com/security/cve/CVE-2020-27223\nhttps://access.redhat.com/security/cve/CVE-2021-3425\nhttps://access.redhat.com/security/cve/CVE-2021-3763\nhttps://access.redhat.com/security/cve/CVE-2021-20289\nhttps://access.redhat.com/security/cve/CVE-2021-21290\nhttps://access.redhat.com/security/cve/CVE-2021-21295\nhttps://access.redhat.com/security/cve/CVE-2021-21409\nhttps://access.redhat.com/security/cve/CVE-2021-28163\nhttps://access.redhat.com/security/cve/CVE-2021-28164\nhttps://access.redhat.com/security/cve/CVE-2021-28165\nhttps://access.redhat.com/security/cve/CVE-2021-28169\nhttps://access.redhat.com/security/cve/CVE-2021-29425\nhttps://access.redhat.com/security/cve/CVE-2021-34428\nhttps://access.redhat.com/security/cve/CVE-2021-34429\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.9.0\nhttps://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYVWKK9zjgjWX9erEAQiu0A/+NJe1AtB06jaucFaOVo6/q4A3geYdiNfX\naU44bpkaYfOHdYkd2Ec59L3ImNIUCYMxUZIWhNfyUwMKAGxRnj2Q0tzm3O6ZCwcL\n3DIVXlJHfrQHN8rZ38rG0bi4l4OnnSV1y2kskqkOITFcv6N0MmyQ8+rzG/m5VHC6\nc9IBl0zXGZs+8sXDsXzN7tabdieUmke1FyR1SV/YsR9rnnm1cZJcfJqJcKWeKD0v\nGMvKjgq6VImt8xAZbaOHWzV3+PfinisPh7XYRabE87EAyMFmy5jWclZrg8UhsaYX\nDEV2+wis3jgANdAgvNox/7camxSciogKKSTxc8ZTPaok33GeudET5pmVbac9sQsc\ne/jrTvN+AnHMtGoQQwAHPQH3DMjomzd1vmjV4aI6UfearT0GlkLLMVcn6wp2OQ7w\nd+yh2QnDGXUHLYCkAcvNVklL8ZGlhxgV9zdhoYVSdiZPXAQNvfCDgNilzMaJKXmF\nk2sR0BB3wnSG7//dUTbNTbBQw8JpuYesDpUC+JYMWErnFak9MGj0Q+ISfxYE9vC5\nLSiCsqNHibsGcA5XpVVvO4q/LM6mwhCozD4WXrCw3xl4n4EWWiTQceF+yYSRtsmn\npWcWk56HHAlr5Qs9jRuW90pzyf8X/T9rEmugb62Z7SGSUH/A4xJxLpZJHb4q/whu\nhBENV2qm+t4=\n=l+R3\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nSecurity Fix(es):\n\n* jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n(CVE-2021-38153)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34429"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-394611"
},
{
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"db": "PACKETSTORM",
"id": "164346"
},
{
"db": "PACKETSTORM",
"id": "165564"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-394611",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394611"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34429",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "165564",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1094",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "50478",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164346",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022012750",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042520",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021093016",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072091",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060717",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3256",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2879",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0195",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3156",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-394611",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34429",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394611"
},
{
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "PACKETSTORM",
"id": "164346"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"id": "VAR-202107-1585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-394611"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-20T00:22:37.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0April\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://github.com/eclipse/jetty.project/security/advisories/ghsa-vjv5-gp2w-65vm"
},
{
"title": "Eclipse Jetty Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=158187"
},
{
"title": "Debian CVElist Bug Report Logs: jetty9: CVE-2021-34429",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=958d7f11470eb2595bad01a01f3abf85"
},
{
"title": "Red Hat: CVE-2021-34429",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-34429"
},
{
"title": "CVE-2021-34429",
"trust": 0.1,
"url": "https://github.com/coldfusionx/cve-2021-34429 "
},
{
"title": "JETTY CVE-2021-34429",
"trust": 0.1,
"url": "https://github.com/cwh945/jetty-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394611"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://github.com/eclipse/jetty.project/security/advisories/ghsa-vjv5-gp2w-65vm"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34429"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3ccommits.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3cdev.santuario.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3cdev.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3ccommits.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3ccommits.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread/t2ypp3t3v7n1p12h4yclp8fopf7dmryb"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread/x07thv8bylkgxpqkmp2wvrj1po2dm8mq"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread/lyt8zcojbszzo2xnyzkm695rh6w26mb8"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread/0w67910oxj7t53c0ql56h7744jkzvgxf"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3cdev.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3cissues.hbase.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3ccommits.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3ccommits.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3ccommits.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3cdev.santuario.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165564/red-hat-security-advisory-2022-0138-06.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072013"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0195"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060717"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164346/red-hat-security-advisory-2021-3700-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042520"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6527232"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072091"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021093016"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50478"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2879"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/eclipse-jetty-information-disclosure-via-web-inf-directory-access-35918"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3156"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012750"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-34429"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29425"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3425"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.0.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-394611"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "PACKETSTORM",
"id": "164346"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-394611"
},
{
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"db": "PACKETSTORM",
"id": "164346"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-394611"
},
{
"date": "2021-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"date": "2022-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"date": "2021-09-30T16:39:42",
"db": "PACKETSTORM",
"id": "164346"
},
{
"date": "2022-01-14T15:29:02",
"db": "PACKETSTORM",
"id": "165564"
},
{
"date": "2021-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-07-15T17:15:08.637000",
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-27T00:00:00",
"db": "VULHUB",
"id": "VHN-394611"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34429"
},
{
"date": "2022-05-31T08:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-009832"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-11-07T03:35:59.680000",
"db": "NVD",
"id": "CVE-2021-34429"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eclipse\u00a0Jetty\u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1094"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
VAR-201803-1822
Vulnerability from variot - Updated: 2023-12-18 11:45The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. NTP version 4.2.6 prior to 4.2.8p11 are vulnerable. protocol engine is one of the protocol engines. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-12
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: May 26, 2018 Bugs: #649612 ID: 201805-12
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p11 >= 4.2.8_p11
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p11"
References
[ 1 ] CVE-2018-7170 https://nvd.nist.gov/vuln/detail/CVE-2018-7170 [ 2 ] CVE-2018-7182 https://nvd.nist.gov/vuln/detail/CVE-2018-7182 [ 3 ] CVE-2018-7183 https://nvd.nist.gov/vuln/detail/CVE-2018-7183 [ 4 ] CVE-2018-7184 https://nvd.nist.gov/vuln/detail/CVE-2018-7184 [ 5 ] CVE-2018-7185 https://nvd.nist.gov/vuln/detail/CVE-2018-7185
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201805-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3707-2 January 23, 2019
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in NTP.
Software Description: - ntp: Network Time Protocol daemon and utility programs
Details:
USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. (CVE-2016-7426)
Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. (CVE-2016-7427, CVE-2016-7428)
Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or unset traps. (CVE-2016-9310)
Matthew Van Gundy discovered that NTP incorrectly handled the trap service. (CVE-2016-9311)
It was discovered that the NTP legacy DPTS refclock driver incorrectly handled the /dev/datum device. (CVE-2017-6462)
It was discovered that NTP incorrectly handled certain invalid settings in a :config directive. A remote authenticated user could possibly use this issue to cause NTP to crash, resulting in a denial of service. (CVE-2017-6463)
Michael Macnair discovered that NTP incorrectly handled certain responses. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-7183)
Miroslav Lichvar discovered that NTP incorrectly handled certain zero-origin timestamps. (CVE-2018-7185)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: ntp 1:4.2.6.p3+dfsg-1ubuntu3.12
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3707-2 https://usn.ubuntu.com/usn/usn-3707-1 CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-9310, CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183, CVE-2018-7185 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] ntp (SSA:2018-060-02)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. This release addresses five security issues in ntpd: * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of Cisco. * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. Reported by Yihan Lian of Qihoo 360. * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations. Reported on the questions@ list. * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association. Reported by Miroslav Lichvar of Red Hat. For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: b2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz
Slackware 14.1 package: 78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: e0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz
Slackware 14.2 package: 81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: d2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz
Slackware -current package: c3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz
Slackware x86_64 -current package: fa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK 13MAnR04OluKfiEsJVgO6uWJKXy2HOGq =FRx7 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1822",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ntp",
"scope": "eq",
"trust": 1.3,
"vendor": "ntp",
"version": "4.2.8"
},
{
"model": "hpux-ntp",
"scope": "lt",
"trust": 1.0,
"vendor": "hpe",
"version": "c.4.2.8.4.0"
},
{
"model": "fujitsu m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp2361"
},
{
"model": "diskstation manager",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "5.2"
},
{
"model": "fujitsu m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp2361"
},
{
"model": "skynas",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.1.5-15254"
},
{
"model": "fujitsu m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp2361"
},
{
"model": "fujitsu m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp2361"
},
{
"model": "fujitsu m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp3070"
},
{
"model": "ntp",
"scope": "lt",
"trust": 1.0,
"vendor": "ntp",
"version": "4.2.8"
},
{
"model": "router manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "1.1.6-6931-3"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fujitsu m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp3070"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "router manager",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "1.1"
},
{
"model": "fujitsu m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp3070"
},
{
"model": "vs960hd",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "2.2.3-1505"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "fujitsu m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp3070"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "virtual diskstation manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.1.6-15266"
},
{
"model": "fujitsu m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp3070"
},
{
"model": "fujitsu m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp3070"
},
{
"model": "fujitsu m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp2361"
},
{
"model": "diskstation manager",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.1.6-15266"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "hci",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ntp",
"scope": "gte",
"trust": 1.0,
"vendor": "ntp",
"version": "4.2.6"
},
{
"model": "fujitsu m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "xcp2361"
},
{
"model": "ntp",
"scope": "eq",
"trust": 0.9,
"vendor": "ntp",
"version": "4.2.6"
},
{
"model": "ntp",
"scope": "lt",
"trust": 0.8,
"vendor": "ntp",
"version": "4.2.6 thats all 4.2.8p11"
},
{
"model": "linux",
"scope": null,
"trust": 0.8,
"vendor": "slackware",
"version": null
},
{
"model": "diskstation manager",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "router manager",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "skynas",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "virtual diskstation manager",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "vs960hd",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "4.2.8p9",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p8",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p7",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p6",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p5",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p4",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p3",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p2",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p10",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.8p1",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.7p385",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.7p366",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.7p22",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.7p111",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "4.2.7p11",
"scope": null,
"trust": 0.3,
"vendor": "ntp",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.4.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.50"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.6"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "4.2.8p11",
"scope": "ne",
"trust": 0.3,
"vendor": "ntp",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "103339"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.6-15266",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.6-6931-3",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:skynas:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.5-15254",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:virtual_diskstation_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.1.6-15266",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.3-1505",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7185"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Miroslav Lichvar of Red Hat.",
"sources": [
{
"db": "BID",
"id": "103339"
}
],
"trust": 0.3
},
"cve": "CVE-2018-7185",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7185",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-137217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-7185",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7185",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-141",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-137217",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association. ntp Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nNTP version 4.2.6 prior to 4.2.8p11 are vulnerable. protocol engine is one of the protocol engines. This issue only affected Ubuntu\n17.10 and Ubuntu 18.04 LTS. This issue only affected Ubuntu 17.10 and Ubuntu\n18.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201805-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: May 26, 2018\n Bugs: #649612\n ID: 201805-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to remote code execution. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p11 \u003e= 4.2.8_p11 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p11\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-7170\n https://nvd.nist.gov/vuln/detail/CVE-2018-7170\n[ 2 ] CVE-2018-7182\n https://nvd.nist.gov/vuln/detail/CVE-2018-7182\n[ 3 ] CVE-2018-7183\n https://nvd.nist.gov/vuln/detail/CVE-2018-7183\n[ 4 ] CVE-2018-7184\n https://nvd.nist.gov/vuln/detail/CVE-2018-7184\n[ 5 ] CVE-2018-7185\n https://nvd.nist.gov/vuln/detail/CVE-2018-7185\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201805-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2018 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3707-2\nJanuary 23, 2019\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in NTP. \n\nSoftware Description:\n- ntp: Network Time Protocol daemon and utility programs\n\nDetails:\n\nUSN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This\nupdate provides the corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n Miroslav Lichvar discovered that NTP incorrectly handled certain\n spoofed addresses when performing rate limiting. \n (CVE-2016-7426)\n\n Matthew Van Gundy discovered that NTP incorrectly handled certain\n crafted broadcast mode packets. \n (CVE-2016-7427, CVE-2016-7428)\n\n Matthew Van Gundy discovered that NTP incorrectly handled certain\n control mode packets. A remote attacker could use this issue to set or\n unset traps. (CVE-2016-9310)\n\n Matthew Van Gundy discovered that NTP incorrectly handled the trap\n service. (CVE-2016-9311)\n\n It was discovered that the NTP legacy DPTS refclock driver incorrectly\n handled the /dev/datum device. (CVE-2017-6462)\n\n It was discovered that NTP incorrectly handled certain invalid\n settings in a :config directive. A remote authenticated user could\n possibly use this issue to cause NTP to crash, resulting in a denial\n of service. (CVE-2017-6463)\n\n Michael Macnair discovered that NTP incorrectly handled certain\n responses. A remote attacker could possibly use this issue to execute\n arbitrary code. (CVE-2018-7183)\n\n Miroslav Lichvar discovered that NTP incorrectly handled certain\n zero-origin timestamps. (CVE-2018-7185)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.12\n\nIn general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3707-2\n https://usn.ubuntu.com/usn/usn-3707-1\n CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-9310,\n CVE-2016-9311, CVE-2017-6462, CVE-2017-6463, CVE-2018-7183,\n CVE-2018-7185\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] ntp (SSA:2018-060-02)\n\nNew ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix security issues. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz: Upgraded. \n This release addresses five security issues in ntpd:\n * LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability:\n ephemeral association attack. While fixed in ntp-4.2.8p7, there are\n significant additional protections for this issue in 4.2.8p11. \n Reported by Matt Van Gundy of Cisco. \n * INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer\n read overrun leads to undefined behavior and information leak. \n Reported by Yihan Lian of Qihoo 360. \n * LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated\n ephemeral associations. Reported on the questions@ list. \n * LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode\n cannot recover from bad state. Reported by Miroslav Lichvar of Red Hat. \n * LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet\n can reset authenticated interleaved association. \n Reported by Miroslav Lichvar of Red Hat. \n For more information, see:\n http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p11-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p11-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ntp-4.2.8p11-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p11-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p11-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n01c86ddfabec68d52877336258d064c7 ntp-4.2.8p11-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nb2d36d96f9a4d84df3586d38b8b47389 ntp-4.2.8p11-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n78b4e9221e725dcb45160950bfc926d0 ntp-4.2.8p11-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ne0d32ed484e02ad28c59838e6407d549 ntp-4.2.8p11-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n81690d8e511b403f0fe89c1d120f5049 ntp-4.2.8p11-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nd2c877e3d1b9c7ce003ef090c7610c74 ntp-4.2.8p11-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc3ee95d3944b09c2e891883dc5411a6f n/ntp-4.2.8p11-i586-1.txz\n\nSlackware x86_64 -current package:\nfa9c7a8aca0c769791e34a8e48e6d260 n/ntp-4.2.8p11-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p11-i586-1_slack14.2.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. |\n+------------------------------------------------------------------------+\n-----BEGIN PGP SIGNATURE-----\n\niEYEARECAAYFAlqYjI8ACgkQakRjwEAQIjM5rACfdDAWRxL2nQATj8HFDPgCVInK\n13MAnR04OluKfiEsJVgO6uWJKXy2HOGq\n=FRx7\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "BID",
"id": "103339"
},
{
"db": "VULHUB",
"id": "VHN-137217"
},
{
"db": "PACKETSTORM",
"id": "148455"
},
{
"db": "PACKETSTORM",
"id": "147917"
},
{
"db": "PACKETSTORM",
"id": "151287"
},
{
"db": "PACKETSTORM",
"id": "146631"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7185",
"trust": 3.2
},
{
"db": "BID",
"id": "103339",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "146631",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-137217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148455",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "147917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151287",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137217"
},
{
"db": "BID",
"id": "103339"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "PACKETSTORM",
"id": "148455"
},
{
"db": "PACKETSTORM",
"id": "147917"
},
{
"db": "PACKETSTORM",
"id": "151287"
},
{
"db": "PACKETSTORM",
"id": "146631"
},
{
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"id": "VAR-201803-1822",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-137217"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:45:29.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTP Bug 3454",
"trust": 0.8,
"url": "http://support.ntp.org/bin/view/main/ntpbug3454"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.slackware.com/"
},
{
"title": "Synology-SA-18:13",
"trust": 0.8,
"url": "https://www.synology.com/support/security/synology_sa_18_13"
},
{
"title": "NTP protocol Repair measures for engine security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78915"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "NVD",
"id": "CVE-2018-7185"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/103339"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/146631/slackware-security-advisory-ntp-updates.html"
},
{
"trust": 2.0,
"url": "http://support.ntp.org/bin/view/main/ntpbug3454"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"trust": 1.7,
"url": "https://www.synology.com/support/security/synology_sa_18_13"
},
{
"trust": 1.7,
"url": "https://security.freebsd.org/advisories/freebsd-sa-18:02.ntp.asc"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03962en_us"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7185"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7185"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019verbose-5072833.html"
},
{
"trust": 0.3,
"url": "http://www.ntp.org/"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinapr2018-4443185.html"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory10.asc"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7184"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7182"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7183"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3707-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7170"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03962en_us"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p10+dfsg-5ubuntu7.1"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3707-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6462"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9311"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6463"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7184"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7170"
},
{
"trust": 0.1,
"url": "http://support.ntp.org/bin/view/main/securitynotice#february_2018_ntp_4_2_8p11_ntp_s"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-137217"
},
{
"db": "BID",
"id": "103339"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "PACKETSTORM",
"id": "148455"
},
{
"db": "PACKETSTORM",
"id": "147917"
},
{
"db": "PACKETSTORM",
"id": "151287"
},
{
"db": "PACKETSTORM",
"id": "146631"
},
{
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-137217"
},
{
"db": "BID",
"id": "103339"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"db": "PACKETSTORM",
"id": "148455"
},
{
"db": "PACKETSTORM",
"id": "147917"
},
{
"db": "PACKETSTORM",
"id": "151287"
},
{
"db": "PACKETSTORM",
"id": "146631"
},
{
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-137217"
},
{
"date": "2018-02-27T00:00:00",
"db": "BID",
"id": "103339"
},
{
"date": "2018-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"date": "2018-07-09T23:38:43",
"db": "PACKETSTORM",
"id": "148455"
},
{
"date": "2018-05-26T22:55:24",
"db": "PACKETSTORM",
"id": "147917"
},
{
"date": "2019-01-23T21:28:55",
"db": "PACKETSTORM",
"id": "151287"
},
{
"date": "2018-03-01T23:35:00",
"db": "PACKETSTORM",
"id": "146631"
},
{
"date": "2018-03-06T20:29:01.500000",
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"date": "2018-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-137217"
},
{
"date": "2018-08-15T10:00:00",
"db": "BID",
"id": "103339"
},
{
"date": "2018-04-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002750"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-7185"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "148455"
},
{
"db": "PACKETSTORM",
"id": "147917"
},
{
"db": "PACKETSTORM",
"id": "151287"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ntp Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002750"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-141"
}
],
"trust": 0.6
}
}
FKIE_CVE-2024-32487
Vulnerability from fkie_nvd - Published: 2024-04-13 15:15 - Updated: 2025-06-17 20:58| Vendor | Product | Version | |
|---|---|---|---|
| greenwoodsoftware | less | * | |
| debian | debian_linux | 10.0 | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | hci_storage_nodes | - | |
| netapp | solidfire | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:greenwoodsoftware:less:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC0C9A4-FF76-4EE4-844F-98D13A41D3BA",
"versionEndIncluding": "653",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "855D6A52-F96F-4CA0-A59C-4D42173F22E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
},
{
"lang": "es",
"value": "less hasta 653 permite la ejecuci\u00f3n de comandos del sistema operativo mediante un car\u00e1cter de nueva l\u00ednea en el nombre de un archivo, porque las comillas se manejan mal en filename.c. La explotaci\u00f3n normalmente requiere el uso de nombres de archivos controlados por el atacante, como los archivos extra\u00eddos de un archivo que no es de confianza. La explotaci\u00f3n tambi\u00e9n requiere la variable de entorno LESSOPEN, pero est\u00e1 configurada de forma predeterminada en muchos casos comunes."
}
],
"id": "CVE-2024-32487",
"lastModified": "2025-06-17T20:58:12.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-13T15:15:52.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-96"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2024-32487 (GCVE-0-2024-32487)
Vulnerability from cvelistv5 – Published: 2024-04-13 00:00 – Updated: 2024-08-02 02:13- n/a
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "less",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "653",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T18:38:36.239380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T16:31:29.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:11:52.179329",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32487",
"datePublished": "2024-04-13T00:00:00",
"dateReserved": "2024-04-13T00:00:00",
"dateUpdated": "2024-08-02T02:13:39.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32487 (GCVE-0-2024-32487)
Vulnerability from nvd – Published: 2024-04-13 00:00 – Updated: 2024-08-02 02:13- n/a
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:less:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "less",
"vendor": "netapp",
"versions": [
{
"lessThanOrEqual": "653",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T18:38:36.239380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T16:31:29.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:11:52.179329",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/13/2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/12/5"
},
{
"url": "https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33"
},
{
"name": "[oss-security] 20240415 Re: less(1) with LESSOPEN mishandles \\n in paths",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0009/"
},
{
"name": "[debian-lts-announce] 20240527 [SECURITY] [DLA 3823-1] less security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32487",
"datePublished": "2024-04-13T00:00:00",
"dateReserved": "2024-04-13T00:00:00",
"dateUpdated": "2024-08-02T02:13:39.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}